From: Kurt Roeckx Date: Sat, 14 Jan 2017 15:10:25 +0000 (+0100) Subject: Fix undefined behaviour when printing the X509 and CRL version X-Git-Tag: OpenSSL_1_1_0d~44 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c565e99a14bf43f11d006d36612fe7943f9e817f;p=oweals%2Fopenssl.git Fix undefined behaviour when printing the X509 and CRL version Found by oss-fuzz Reviewed-by: Andy Polyakov GH: #2231 (cherry picked from commit c2ce477f1f3c0a98802fb087b0cf4b0a99ea2b1d)
---
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index de0320d075..f3ca6db8e5 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -44,7 +44,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 BIO_printf(out, "Certificate Revocation List (CRL):\n");
 l = X509_CRL_get_version(x);
- BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+ if (l >= 0 && l <= 1)
+ BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+ else
+ BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
 X509_CRL_get0_signature(x, &sig, &sig_alg);
 X509_signature_print(out, sig_alg, NULL);
 p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 0fced677dd..77ce810835 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -60,8 +60,13 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 }
 if (!(cflag & X509_FLAG_NO_VERSION)) {
 l = X509_REQ_get_version(x);
- if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0)
- goto err;
+ if (l >= 0 && l <= 2) {
+ if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+ goto err;
+ } else {
+ if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+ goto err;
+ }
 }
 if (!(cflag & X509_FLAG_NO_SUBJECT)) {
 if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
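Review bot: The new range check in X509_CRL_print, `if (l >= 0 && l <= 1)`, uses bare literals with no indication of what they stand for or why the value is bounded before `l + 1` is evaluated. A one-line comment above it would help, for example `/* CRL version field: 0 = v1, 1 = v2; anything else comes from parsed input and is only echoed */`. The fallback text here is `Version unknown (%ld)` while the t_req.c hunk prints `Version: Unknown (%ld)`; aligning the capitalisation would keep the two printers consistent for anyone grepping the output. The function body starts and ends outside the hunk.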
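Review bot: The range check `l >= 0 && l <= 2` in X509_REQ_print_ex accepts three version values, but PKCS#10 (RFC 2986) defines only v1, encoded as 0. A request carrying 1 or 2 is therefore still printed as "Version: 2 (0x1)" or "Version: 3 (0x2)", as though it were a recognised version. The upper bound looks carried over from the certificate case (v1 to v3); for requests, `if (l == 0) {` would send every other value to the "Unknown" branch. The enclosing function starts and ends outside the hunk.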