X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fschema_init.c;h=95d108f6a5f294bd53777cfff0a7aa8d0742a708;hb=20371c3eae38f81848e51e53b59ca8947f372a47;hp=164c348b8c9e598b3bfaaac4887b1ec6f55b42e1;hpb=e8d95fa072d7fc1b2f0ca485bb8278790870bda2;p=openldap

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 164c348b8c..95d108f6a5 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -337,6 +337,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
 	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );
 	/* Must be at end now */
+	/* NOTE: OpenSSL tolerates CL with garbage past the end */
 	if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX;
 	return LDAP_SUCCESS;
 }
@@ -389,7 +390,7 @@ attributeCertificateValidate( Syntax *syntax, struct berval *in )
 	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 	ber_skip_data( ber, len );
 
-	ber_peek_tag( ber, &len );
+	tag = ber_peek_tag( ber, &len );
 
 	if ( tag == LBER_BITSTRING ) {	/* issuerUniqueID */
 		tag = ber_skip_tag( ber, &len );