Fix pretty-printing empty serial number in ossl_serial_number_print()

Fix a crash when the ASN1_INTEGER has empty content. While it is
illegal, this is the initial state of the serialNumber field when an
X509 object is allocated by X509_new(). X509_print*() should be able to
process an incomplete X509 object too.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26557)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 71f9e33c21760bb0f3f0688ec042dd9c71955ea0..9ec7de2deadf9d8a9efd0087c4cc2bba5b66a496 100644 (file)
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -515,6 +515,12 @@ int ossl_serial_number_print(BIO *out, const ASN1_INTEGER *bs, int indent)
     unsigned long ul;
     const char *neg;
 
+    if (bs->length == 0) {
+        if (BIO_puts(out, " (Empty)") <= 0)
+            return -1;
+        return 0;
+    }
+
     if (bs->length <= (int)sizeof(long)) {
         ERR_set_mark();
         l = ASN1_INTEGER_get(bs);