apps/storeutl.c: avoid signed integer overflow in indent_printf()

As two arbitrarily large printf return values can trigger signed integer
overflow, rewrite the return value handling to avoid it.

Fixes: fb43ddceda79 "Add a recursive option to 'openssl storeutl'"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665428
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28648)

diff --git a/apps/storeutl.c b/apps/storeutl.c
index 1594a9bb7560d4c86d67e75880ca0c0237c15e7a..afa4f47b81bd8e0c5ec283bac05cf3ad0ef9c7c3 100644 (file)
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -334,14 +334,22 @@ int storeutl_main(int argc, char *argv[])
 static int indent_printf(int indent, BIO *bio, const char *format, ...)
 {
     va_list args;
-    int ret;
+    int ret, vret;
+
+    ret = BIO_printf(bio, "%*s", indent, "");
+    if (ret < 0)
+        return ret;
 
     va_start(args, format);
+    vret = BIO_vprintf(bio, format, args);
+    va_end(args);
 
-    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+    if (vret < 0)
+        return vret;
+    if (vret > INT_MAX - ret)
+        return INT_MAX;
 
-    va_end(args);
-    return ret;
+    return ret + vret;
 }
 
 static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,