CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/08/28 00:17:06
Modified files: lib/libcrypto/asn1: t_x509.c Log message: Avoid polluting the error stack when printing certificates For a certificate serial number between LONG_MAX and ULONG_MAX, the call to ASN1_INTEGER_get() fails and leaves an error on the stack because the check bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is probably for bitstring, although the more common reading would be adequate, too.) Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64() and add a lengthy comment to explain the nonsense per beck's request. discussed with jsing ok beck