apps/storeutl.c: avoid signed integer overflow in indent_printf()

As two arbitrarily large printf return values can trigger signed integer overflow, rewrite the return value handling to avoid it. Fixes: fb43ddceda "Add a recursive option to 'openssl storeutl'" Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665428 References: https://github.com/openssl/project/issues/1432 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28648)
2025-09-15 05:14:09 +02:00 · 2025-09-15 05:14:09 +02:00 · 61422fd7e0
parent a53013196c
commit 61422fd7e0
1 changed files with 13 additions and 5 deletions
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@ -334,14 +334,22 @@ int storeutl_main(int argc, char *argv[])
 static int indent_printf(int indent, BIO *bio, const char *format, ...)
 {
    va_list args;
-    int ret;
+    int ret, vret;
+
+    ret = BIO_printf(bio, "%*s", indent, "");
+    if (ret < 0)
+        return ret;

    va_start(args, format);
-
-    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
-
+    vret = BIO_vprintf(bio, format, args);
    va_end(args);
-    return ret;
+
+    if (vret < 0)
+        return vret;
+    if (vret > INT_MAX - ret)
+        return INT_MAX;
+
+    return ret + vret;
 }

 static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,