Fix undefined behaviour when printing the X509 and CRL version

[openssl.git] / crypto / x509 / t_crl.c

diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index de0320d0756fee0bbff966f6dcbd1db4b59a2dff..f3ca6db8e53a2ceafec3249387eb9438228ec211 100644 (file)
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -44,7 +44,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 
     BIO_printf(out, "Certificate Revocation List (CRL):\n");
     l = X509_CRL_get_version(x);
-    BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
     X509_CRL_get0_signature(x, &sig, &sig_alg);
     X509_signature_print(out, sig_alg, NULL);
     p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);