apps/x509.c: Fix mem leaks in processing of -next_serial in print loop

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14340)

apps/lib/apps.c

@@ -1077,6 +1077,7 @@ void print_name(BIO *out, const char *title, const X509_NAME *nm)
     char mline = 0;
     int indent = 0;
     unsigned long lflags = get_nameopt();
+
     if (title != NULL)
         BIO_puts(out, title);
     if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {

apps/x509.c

@@ -887,16 +887,16 @@ int x509_main(int argc, char **argv)
             i2a_ASN1_INTEGER(out, X509_get0_serialNumber(x));
             BIO_printf(out, "\n");
         } else if (i == next_serial) {
-            ASN1_INTEGER *ser = X509_get_serialNumber(x);
-            BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+            ASN1_INTEGER *ser;
+            BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
 
             if (bnser == NULL)
                 goto end;
-            if (!BN_add_word(bnser, 1))
-                goto end;
-            ser = BN_to_ASN1_INTEGER(bnser, NULL);
-            if (ser == NULL)
+            if (!BN_add_word(bnser, 1)
+                    || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
+                BN_free(bnser);
                 goto end;
+            }
             BN_free(bnser);
             i2a_ASN1_INTEGER(out, ser);
             ASN1_INTEGER_free(ser);
@@ -976,9 +976,8 @@ int x509_main(int argc, char **argv)
                 goto end;
             }
             BIO_printf(out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig)));
-            for (j = 0; j < (int)n; j++) {
+            for (j = 0; j < (int)n; j++)
                 BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':');
-            }
         } else if (i == ocspid) {
             X509_ocspid_print(out, x);
         } else if (i == ext) {