skip the serial, whatever its length (ITS#6460)

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 6c3940f68a824a294d789d69654a64c642dafcea..6fab67eb92004846a2682e6da1b55f6340c1eba5 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1677,7 +1677,8 @@ x509_cert_get_dn( struct berval *cert, struct berval *dn, int get_subject )
        tag = ber_skip_tag( ber, &len );        /* Context + Constructed (version) */
        if ( tag == 0xa0 )      /* Version is optional */
                tag = ber_get_int( ber, &i );   /* Int: Version */
-       tag = ber_get_int( ber, &i );   /* Int: Serial */
+       tag = ber_skip_tag( ber, &len );        /* Int: Serial (can be longer than ber_int_t) */
+       ber_skip_data( ber, len );
        tag = ber_skip_tag( ber, &len );        /* Sequence: Signature */
        ber_skip_data( ber, len );
        if ( !get_subject ) {