From df54ae2dfdecc51a2dd092deb373b4b931c62ce1 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 10 Aug 2022 11:15:08 +0000 Subject: [PATCH] Only print versions we know about The version field of an X.509 Certificate is an enum Version ::= INTEGER { v1(0), v2(1), v3(2) } Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version. ok jsing --- lib/libcrypto/asn1/t_x509.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c index 563edac0743..abcce54366a 100644 --- a/lib/libcrypto/asn1/t_x509.c +++ b/lib/libcrypto/asn1/t_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */ +/* $OpenBSD: t_x509.c,v 1.38 2022/08/10 11:15:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,9 +137,15 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } if (!(cflag & X509_FLAG_NO_VERSION)) { l = X509_get_version(x); - if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", - "", l + 1, l) <= 0) - goto err; + if (l >= 0 && l <= 2) { + if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", + "", l + 1, l) <= 0) + goto err; + } else { + if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n", + "", l) <= 0) + goto err; + } } if (!(cflag & X509_FLAG_NO_SERIAL)) { if (BIO_write(bp, " Serial Number:", 22) <= 0) -- 2.20.1