Fix certificateListValidate parsing of CRL extensions

author Howard Chu <hyc@openldap.org>

Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)

committer Howard Chu <hyc@openldap.org>

Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)
author Howard Chu <hyc@openldap.org>
Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)
committer Howard Chu <hyc@openldap.org>
Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c

index bb027823ecf971351b06f02531f0ddc1e9b4e014..164c348b8c9e598b3bfaaac4887b1ec6f55b42e1 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -319,10 +319,11 @@ certificateListValidate( Syntax *syntax, struct berval *in )
                         tag = ber_skip_tag( ber, &len );
                 }
         }
-       /* Optional Extensions */
+       /* Optional Extensions - Sequence of Sequence */
         if ( tag == SLAP_X509_OPT_CL_CRLEXTENSIONS ) { /* ? */
+               ber_len_t seqlen;
                 if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-               tag = ber_skip_tag( ber, &len );
+               tag = ber_peek_tag( ber, &seqlen );
                 if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
                 ber_skip_data( ber, len );
                 tag = ber_skip_tag( ber, &len );
author	Howard Chu <hyc@openldap.org>
	Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)
committer	Howard Chu <hyc@openldap.org>
	Sat, 1 Aug 2009 00:39:41 +0000 (00:39 +0000)