certificateExactNormalize - only check serial encoding if len > 1

author Howard Chu <hyc@openldap.org>

Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)

committer Howard Chu <hyc@openldap.org>

Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)
author Howard Chu <hyc@openldap.org>
Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)
committer Howard Chu <hyc@openldap.org>
Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c

index 61c07e2c8adcec0e3dc682e56a70940a13715994..34dbc86cee05e6eeb9aa6812436a32c021662fd0 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -3045,14 +3045,14 @@ certificateExactNormalize(
                 ber_skip_data( ber, len );
  
                 /* Check for minimal encodings */
-               if ( ptr[0] & 0x80 ) {
-                       if (( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ))
-                               return LDAP_INVALID_SYNTAX;
-               } else if ( ptr[0] == 0 ) {
-                       if (!( ptr[1] & 0x80 ))
-                               return LDAP_INVALID_SYNTAX;
-                       ptr++;
-                       len--;
+               if ( len > 1 ) {
+                       if ( ptr[0] & 0x80 ) {
+                               if (( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ))
+                                       return LDAP_INVALID_SYNTAX;
+                       } else if ( ptr[0] == 0 ) {
+                               if (!( ptr[1] & 0x80 ))
+                                       return LDAP_INVALID_SYNTAX;
+                       }
                 }
  
                 seriallen = len * 2 + 4;        /* quotes, H, NUL */
author	Howard Chu <hyc@openldap.org>
	Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)
committer	Howard Chu <hyc@openldap.org>
	Mon, 1 Oct 2007 16:32:30 +0000 (16:32 +0000)