Avoid polluting the error stack when printing certificates
author tb <tb@openbsd.org>
Wed, 28 Aug 2024 06:17:06 +0000 (06:17 +0000)
committer tb <tb@openbsd.org>
Wed, 28 Aug 2024 06:17:06 +0000 (06:17 +0000)
commit ad89fde96b678b37941037bcca62e62240b307ad
tree cb404254602b0b6ce35a2b6375da777e0af626c7
parent 9246575170a5158c940218b6ad286e8ab087550a
Avoid polluting the error stack when printing certificates

For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)

Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.

discussed with jsing
ok beck
lib/libcrypto/asn1/t_x509.c
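
The failure mode the commit message describes, as an added stand-alone model (not LibreSSL code and not part of this commit): a serial that passes a length-only gate can still exceed LONG_MAX, so a signed conversion fails where a non-negativity check plus an unsigned 64-bit conversion succeeds. `struct model_int`, `length_gate`, `model_get_long`, `model_get_uint64` and the sample bytes are hypothetical names and constructed data.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an ASN.1 INTEGER: big-endian magnitude plus sign. */
struct model_int { const unsigned char *data; size_t length; int negative; };

/* Constructed sample: sizeof(long) bytes with the top bit set (> LONG_MAX). */
static const unsigned char sample_bytes[8] = { 0x80, 0, 0, 0, 0, 0, 0, 0 };
struct model_int sample_serial(void) {
    struct model_int s = { sample_bytes, sizeof(long), 0 };
    return s;
}

/* Fold the magnitude into 64 bits; 0 means it does not fit. */
static int magnitude_u64(const struct model_int *a, uint64_t *out) {
    uint64_t v = 0;
    if (a->length > sizeof(v))
        return 0;
    for (size_t i = 0; i < a->length; i++)
        v = (v << 8) | a->data[i];
    *out = v;
    return 1;
}

/* The length-only gate quoted in the commit message. */
int length_gate(const struct model_int *a) { return a->length <= sizeof(long); }

/* Signed conversion: fails above LONG_MAX even when the length gate passed. */
int model_get_long(const struct model_int *a, long *out) {
    uint64_t v;
    if (!magnitude_u64(a, &v) || v > (uint64_t)LONG_MAX)
        return 0;
    *out = a->negative ? -(long)v : (long)v;
    return 1;
}

/* Shape of the fix: reject negatives, then convert as unsigned 64-bit. */
int model_get_uint64(const struct model_int *a, uint64_t *out) {
    return a->negative ? 0 : magnitude_u64(a, out);
}

int main(void) {
    struct model_int s = sample_serial();
    long l; uint64_t u = 0;
    printf("gate=%d long_ok=%d u64_ok=%d\n", length_gate(&s), model_get_long(&s, &l), model_get_uint64(&s, &u));
    return 0;
}
```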