ITS#5976

diff --git a/CHANGES b/CHANGES
index d88a36de22e9dfbc8e3c02e2add229caff47cc63..09326c49840ed11523b0bbe0e3a229418cac2918 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.16 Engineering
+       Fixed libldap segfault in checking cert/DN (ITS#5976)
 
 OpenLDAP 2.4.15 Release (2009/02/24)
        Fixed libldap alias dereferencing in C API again (ITS#5916)

diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index ff2a2d2b52ba8733d9eecb3ca17ac0066fd09432..69e6f609e84197420021f933f8d217553a11deda 100644 (file)
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -872,8 +872,9 @@ ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func,
        struct berval der_dn;
        int rc;
 
-       tls_imp->ti_session_my_dn( session, &der_dn );
-       rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+       rc = tls_imp->ti_session_my_dn( session, &der_dn );
+       if ( rc == LDAP_SUCCESS )
+               rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
        return rc;
 }
 #endif /* HAVE_TLS */