From: Howard Chu <hyc@openldap.org>
Date: Mon, 1 Oct 2007 16:32:30 +0000 (+0000)
Subject: certificateExactNormalize - only check serial encoding if len > 1
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~571
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=925e92dcc9b78bff9936468755acc3cd8906dee6;p=openldap

certificateExactNormalize - only check serial encoding if len > 1
---

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 61c07e2c8a..34dbc86cee 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -3045,14 +3045,14 @@ certificateExactNormalize(
 		ber_skip_data( ber, len );
 
 		/* Check for minimal encodings */
-		if ( ptr[0] & 0x80 ) {
-			if (( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ))
-				return LDAP_INVALID_SYNTAX;
-		} else if ( ptr[0] == 0 ) {
-			if (!( ptr[1] & 0x80 ))
-				return LDAP_INVALID_SYNTAX;
-			ptr++;
-			len--;
+		if ( len > 1 ) {
+			if ( ptr[0] & 0x80 ) {
+				if (( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ))
+					return LDAP_INVALID_SYNTAX;
+			} else if ( ptr[0] == 0 ) {
+				if (!( ptr[1] & 0x80 ))
+					return LDAP_INVALID_SYNTAX;
+			}
 		}
 
 		seriallen = len * 2 + 4;	/* quotes, H, NUL */