Commit fd4dfa08 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6466

parent c410ce63
...@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log ...@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log
OpenLDAP 2.4.22 Engineering OpenLDAP 2.4.22 Engineering
Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435) Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
Fixed slapd certificateListValidate (ITS#6466)
Fixed slapd REP_ENTRY flag handling (ITS#5340) Fixed slapd REP_ENTRY flag handling (ITS#5340)
Fixed slapd sasl auxprop_lookup (ITS#6441) Fixed slapd sasl auxprop_lookup (ITS#6441)
Fixed slapo-collect REP_ENTRY flag handling (ITS#5340,ITS#6423) Fixed slapo-collect REP_ENTRY flag handling (ITS#5340,ITS#6423)
......
...@@ -326,9 +326,12 @@ certificateListValidate( Syntax *syntax, struct berval *in ) ...@@ -326,9 +326,12 @@ certificateListValidate( Syntax *syntax, struct berval *in )
/* revokedCertificates - Sequence of Sequence, Optional */ /* revokedCertificates - Sequence of Sequence, Optional */
if ( tag == LBER_SEQUENCE ) { if ( tag == LBER_SEQUENCE ) {
ber_len_t seqlen; ber_len_t seqlen;
if ( ber_peek_tag( ber, &seqlen ) == LBER_SEQUENCE ) { ber_tag_t stag;
/* Should NOT be empty */ stag = ber_peek_tag( ber, &seqlen );
ber_skip_data( ber, len ); if ( stag == LBER_SEQUENCE || !len ) {
/* RFC5280 requires non-empty, but X.509(2005) allows empty. */
if ( len )
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len ); tag = ber_skip_tag( ber, &len );
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment