Check ASN1_INTEGER_get for errors.

Check return value when calling ASN1_INTEGER_get to retrieve a certificate
serial number. If an error occurs (which will be caused by the value being
out of range) revert to hex dump of serial number.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 377be399df6dfcc4876cb23b9f0c3891d9ecd7c1..12a9ed4940aee69a4e7817c37d4e6a791b6273aa 100644 (file)
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -141,7 +141,13 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 
         bs = X509_get_serialNumber(x);
         if (bs->length <= (int)sizeof(long)) {
-            l = ASN1_INTEGER_get(bs);
+                ERR_set_mark();
+                l = ASN1_INTEGER_get(bs);
+                ERR_pop_to_mark();
+        } else {
+            l = -1;
+        }
+        if (l != -1) {
             if (bs->type == V_ASN1_NEG_INTEGER) {
                 l = -l;
                 neg = "-";