From: Pierangelo Masarati Date: Mon, 3 Aug 2009 14:07:49 +0000 (+0000) Subject: note about OpenSSL being more liberal than OpenLDAP when there is garbage past the... X-Git-Tag: ACLCHECK_0~366 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=20371c3eae38f81848e51e53b59ca8947f372a47;p=openldap note about OpenSSL being more liberal than OpenLDAP when there is garbage past the end of a certificateList --- diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 253cf9790e..95d108f6a5 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -337,6 +337,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) ber_skip_data( ber, len ); tag = ber_skip_tag( ber, &len ); /* Must be at end now */ + /* NOTE: OpenSSL tolerates CL with garbage past the end */ if ( len || tag != LBER_DEFAULT ) return LDAP_INVALID_SYNTAX; return LDAP_SUCCESS; }