From: Howard Chu <hyc@openldap.org>
Date: Sat, 1 Aug 2009 00:39:41 +0000 (+0000)
Subject: Fix certificateListValidate parsing of CRL extensions
X-Git-Tag: ACLCHECK_0~373
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e8d95fa072d7fc1b2f0ca485bb8278790870bda2;p=openldap

Fix certificateListValidate parsing of CRL extensions
---

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index bb027823ec..164c348b8c 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -319,10 +319,11 @@ certificateListValidate( Syntax *syntax, struct berval *in )
 			tag = ber_skip_tag( ber, &len );
 		}
 	}
-	/* Optional Extensions */
+	/* Optional Extensions - Sequence of Sequence */
 	if ( tag == SLAP_X509_OPT_CL_CRLEXTENSIONS ) { /* ? */
+		ber_len_t seqlen;
 		if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
-		tag = ber_skip_tag( ber, &len );
+		tag = ber_peek_tag( ber, &seqlen );
 		if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 		ber_skip_data( ber, len );
 		tag = ber_skip_tag( ber, &len );