From: Pierangelo Masarati <ando@openldap.org>
Date: Wed, 14 Apr 2010 20:26:24 +0000 (+0000)
Subject: serial can be longer than ber_int_t (ITS#6460)
X-Git-Tag: MIGRATION_CVS2GIT~626
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ee156cfd7a205a9ae85e72cd810c39b8730454f3;p=openldap

serial can be longer than ber_int_t (ITS#6460)
---

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index a7b6c5b2b7..f49147a36c 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -545,7 +545,8 @@ tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
 	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
 	if ( tag == 0xa0 )	/* Version is optional */
 		tag = ber_get_int( ber, &i );	/* Int: Version */
-	tag = ber_get_int( ber, &i );	/* Int: Serial */
+	tag = ber_skip_tag( ber, &len );	/* Int: Serial (can be longer than ber_int_t) */
+	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
 	ber_skip_data( ber, len );
 	if ( !get_subject ) {