Fix undefined behaviour when printing the X509 serial
authorKurt Roeckx <kurt@roeckx.be>
Sat, 14 Jan 2017 14:58:42 +0000 (15:58 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Sun, 15 Jan 2017 21:21:07 +0000 (22:21 +0100)
Found by afl

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230

crypto/x509/t_x509.c

index ce67046..5119c0e 100644 (file)
@@ -93,12 +93,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
             l = -1;
         }
         if (l != -1) {
+            unsigned long ul;
             if (bs->type == V_ASN1_NEG_INTEGER) {
-                l = -l;
+                ul = 0 - (unsigned long)l;
                 neg = "-";
             } else
+                ul = l;
                 neg = "";
-            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
                 goto err;
         } else {
             neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";