From e2afe3ce62f2a8e2cd92ea9fe4ca0bf419a8cecc Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Thu, 15 Apr 2010 00:10:21 +0000
Subject: [PATCH] ITS#6460

---
 CHANGES                   | 1 +
 libraries/libldap/tls_g.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index a246ccc748..b92c65040d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.22 Engineering
 	Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
+	Fixed libldap GnuTLS serial length (ITS#6460)
 	Fixed slapd certificateListValidate (ITS#6466)
 	Fixed slapd empty URI parsing (ITS#6465)
 	Fixed slapd REP_ENTRY flag handling (ITS#5340)
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index a7b6c5b2b7..f49147a36c 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -545,7 +545,8 @@ tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
 	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
 	if ( tag == 0xa0 )	/* Version is optional */
 		tag = ber_get_int( ber, &i );	/* Int: Version */
-	tag = ber_get_int( ber, &i );	/* Int: Serial */
+	tag = ber_skip_tag( ber, &len );	/* Int: Serial (can be longer than ber_int_t) */
+	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
 	ber_skip_data( ber, len );
 	if ( !get_subject ) {
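Review bot: The result of the new `ber_skip_tag( ber, &len )` for the serial is never checked before `ber_skip_data( ber, len )` runs, and this function parses a certificate that may come from an untrusted peer. On a truncated or malformed encoding the call can return `LBER_DEFAULT`, in which case `len` should not be treated as a meaningful length; I would add `if ( tag != LBER_INTEGER )` directly after the skip and bail out with the function's error value (the return convention is not visible in this hunk). The Signature skip on the following context lines has the same unchecked pattern. Separately, the version probe above uses `ber_skip_tag`, which consumes the element header, so when the optional version is absent the serial's header appears to be already consumed and this second skip would start inside the serial contents; probing with `ber_peek_tag` would avoid that. The body of tlsg_x509_cert_dn starts and ends outside the hunk, so later checks may catch some of these cases.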
-- 
GitLab