apps/storeutl.c: avoid signed integer overflow in indent_printf()

As two arbitrarily large printf return values can trigger signed integer
overflow, rewrite the return value handling to avoid it.

Fixes: fb43ddceda79 "Add a recursive option to 'openssl storeutl'"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665428
References: https://github.com/openssl/project/issues/1432
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28647)

(cherry picked from commit 651abe1eb550eb482d98425c979193d5f5e39582)

diff --git a/apps/storeutl.c b/apps/storeutl.c
index 62f0e61356403ef3184b168d112ef1780690a026..f8ebde44481c1f994f6ffa6223ce24f8e2e13139 100644 (file)
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -331,14 +331,22 @@ int storeutl_main(int argc, char *argv[])
 static int indent_printf(int indent, BIO *bio, const char *format, ...)
 {
     va_list args;
-    int ret;
+    int ret, vret;
+
+    ret = BIO_printf(bio, "%*s", indent, "");
+    if (ret < 0)
+        return ret;
 
     va_start(args, format);
+    vret = BIO_vprintf(bio, format, args);
+    va_end(args);
 
-    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+    if (vret < 0)
+        return vret;
+    if (vret > INT_MAX - ret)
+        return INT_MAX;
 
-    va_end(args);
-    return ret;
+    return ret + vret;
 }
 
 static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,