From de353ebedae56a3eb9161f715eefc7b315a1142d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Julio=20S=C3=A1nchez=20Fern=C3=A1ndez?=
 <jsanchez@openldap.org>
Date: Tue, 23 Oct 2001 09:05:04 +0000
Subject: [PATCH] Normalization and more error checking.

---
 servers/slapd/schema_init.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 7de9a78895..4b6b52335a 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -3556,7 +3556,26 @@ certificateExactConvert(
 	}
 
 	serial = asn1_integer2str(xcert->cert_info->serialNumber);
+	if ( !serial ) {
+		X509_free(xcert);
+		return LDAP_INVALID_SYNTAX;
+	}
 	issuer_dn = dn_openssl2ldap(X509_get_issuer_name(xcert));
+	if ( !issuer_dn ) {
+		X509_free(xcert);
+		ber_bvfree(serial);
+		return LDAP_INVALID_SYNTAX;
+	}
+	/* Actually, dn_openssl2ldap returns in a normalized format, but
+	   it is different from our normalized format */
+	bv_tmp = issuer_dn;
+	if ( dnNormalize(NULL, bv_tmp, &issuer_dn) != LDAP_SUCCESS ) {
+		X509_free(xcert);
+		ber_bvfree(serial);
+		ber_bvfree(bv_tmp);
+		return LDAP_INVALID_SYNTAX;
+	}
+	ber_bvfree(bv_tmp);
 
 	X509_free(xcert);
 
@@ -3630,7 +3649,7 @@ serial_and_issuer_parse(
 	q = ch_malloc( (end-begin+1)+1 );
 	AC_MEMCPY( q, begin, end-begin+1 );
 	q[end-begin+1] = '\0';
-	*issuer_dn = ber_bvstr(q);
+	*issuer_dn = ber_bvstr(dn_normalize(q));
 
 	return LDAP_SUCCESS;
 }
-- 
2.39.5