From 797387c4ef3358fb314c2e470a008c1c977c3ba0 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 24 Jan 2010 19:16:57 +0000
Subject: [PATCH] skip the serial, whatever its length (ITS#6460)

---
 libraries/libldap/tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 6c3940f68a..6fab67eb92 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1677,7 +1677,8 @@ x509_cert_get_dn( struct berval *cert, struct berval *dn, int get_subject )
 	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
 	if ( tag == 0xa0 )	/* Version is optional */
 		tag = ber_get_int( ber, &i );	/* Int: Version */
-	tag = ber_get_int( ber, &i );	/* Int: Serial */
+	tag = ber_skip_tag( ber, &len );	/* Int: Serial (can be longer than ber_int_t) */
+	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
 	ber_skip_data( ber, len );
 	if ( !get_subject ) {
-- 
2.39.5