crypto/x509: update parseCertificate() to guarantee version cannot be negative

[iljavs]

After the call to ReadOptionalASN1Integer() Version can be really large (e.g., 2,147,483,647) when performing the Version++ on line 823. In that case it would then wrap, leading to a negative Version, which will pass the version check on line 824.

This change adds a check to make sure Version is reasonable prior to the increment, thereby guaranteeing it will not wrap.

This PR will be imported into Gerrit with the title and first
comment (this text) used to generate the subject and body of
the Gerrit change.

Please ensure you adhere to every item in this list.

More info can be found at https://github.com/golang/go/wiki/CommitMessage

• The PR title is formatted as follows: net/http: frob the quux before blarfing
  • The package name goes before the colon
  • The part after the colon uses the verb tense + phrase that completes the blank in,
    "This change modifies Go to ___________"
  • Lowercase verb after the colon
  • No trailing period
  • Keep the title as short as possible. ideally under 76 characters or shorter
• No Markdown
• The first PR comment (this one) is wrapped at 76 characters, unless it's
  really needed (ASCII art, table, or long link)
• If there is a corresponding issue, add either Fixes #1234 or Updates #1234
  (the latter if this is not a complete fix) to this comment
• If referring to a repo other than golang/go you can use the
  owner/repo#issue_number syntax: Fixes golang/tools#1234
• We do not use Signed-off-by lines in Go. Please don't add them.
  Our Gerrit server & GitHub bots enforce CLA compliance instead.
• Delete these instructions once you have read and applied them

[gopherbot]

This PR (HEAD: 88ee127) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/426894 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Gopher Robot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://go.dev/doc/contribute#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://go.dev/s/release
for more details.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/426894.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Zeke Lu:

Patch Set 1:

(3 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/426894.
After addressing review feedback, remember to publish your drafts!