x509: drop endless loop in print_extensions

If crq is malformed in extensions part, print_extensions() might loop
endlessly because gnutls_x509_crq_get_extension_info would return
unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather
than bailing out. Fix this by handling this error code properly. Found
thanks to oss-fuzz.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

2 files changed, 3 insertions, 3 deletions

diff --git a/fuzz/gnutls_x509_crq_parser_fuzzer.repro/609921afff38ec5b52feb7e17aa3035bdce0e0d3 b/fuzz/gnutls_x509_crq_parser_fuzzer.repro/609921afff38ec5b52feb7e17aa3035bdce0e0d3
new file mode 100644
index 0000000000..4fe047d3c3
--- /dev/null
+++ b/fuzz/gnutls_x509_crq_parser_fuzzer.repro/609921afff38ec5b52feb7e17aa3035bdce0e0d3
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 2aa78b478b..6f829b06ac 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1281,12 +1281,12 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
 			return;
 		}
 
+		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+			break;
 		if (err < 0) {
-			if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-				break;
 			addf(str, "error: get_extension_info: %s\n",
 			     gnutls_strerror(err));
-			continue;
+			break;
 		}
 
 		if (i == 0)