ITS#6466 certificateListValidate: Empty Sequence-of is legal

Howard Chu 2010-01-30 23:32:50 +00:00
parent f967ec3b4e
commit 0e16b2ea55


@ -326,9 +326,12 @@ certificateListValidate( Syntax *syntax, struct berval *in )
/* revokedCertificates - Sequence of Sequence, Optional */
if ( tag == LBER_SEQUENCE ) {
ber_len_t seqlen;
if ( ber_peek_tag( ber, &seqlen ) == LBER_SEQUENCE ) {
/* Should NOT be empty */
ber_skip_data( ber, len );
ber_tag_t stag;
stag = ber_peek_tag( ber, &seqlen );
if ( stag == LBER_SEQUENCE || !len ) {
/* RFC5280 requires non-empty, but X.509(2005) allows empty. */
if ( len )
ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len );
}
}
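Review bot: A non-empty revokedCertificates whose first inner element is not a SEQUENCE is not rejected at the new `if ( stag == LBER_SEQUENCE || !len )` test; the branch is simply skipped with the outer header already consumed, so rejection depends on later parsing that lies outside this hunk. An explicit failure arm would make the validator's decision local, e.g. `} else { return LDAP_INVALID_SYNTAX; }`, assuming that is the error this function returns elsewhere. The result of `ber_skip_data( ber, len )` is also ignored, so a short skip would go unnoticed here; checking it before the following `ber_skip_tag` is worth confirming. Since the change deliberately accepts what RFC 5280 forbids, the comment could add that consumers of a validated CRL must handle an empty list, for example `/* callers must not assume at least one revoked entry */`. The body of certificateListValidate starts and ends outside the hunk.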