ITS#6460

diff --git a/CHANGES b/CHANGES
index a246ccc7482ae1fed89f5d0bb0abf960c6ed01f2..b92c65040df13083be9d95f61488ab59507deb37 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.22 Engineering
        Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
+       Fixed libldap GnuTLS serial length (ITS#6460)
        Fixed slapd certificateListValidate (ITS#6466)
        Fixed slapd empty URI parsing (ITS#6465)
        Fixed slapd REP_ENTRY flag handling (ITS#5340)

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index a7b6c5b2b78b342853072cd2d0152c13868ef40d..f49147a36c98df3e34c82fc80f7931c6cd6c8ff8 100644 (file)
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -545,7 +545,8 @@ tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
        tag = ber_skip_tag( ber, &len );        /* Context + Constructed (version) */
        if ( tag == 0xa0 )      /* Version is optional */
                tag = ber_get_int( ber, &i );   /* Int: Version */
-       tag = ber_get_int( ber, &i );   /* Int: Serial */
+       tag = ber_skip_tag( ber, &len );        /* Int: Serial (can be longer than ber_int_t) */
+       ber_skip_data( ber, len );
        tag = ber_skip_tag( ber, &len );        /* Sequence: Signature */
        ber_skip_data( ber, len );
        if ( !get_subject ) {