[PATCH] ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count
authorHoward Chu <hyc@openldap.org>
Sun, 13 Dec 2020 21:48:45 +0000 (21:48 +0000)
committerRyan Tandy <ryan@nardis.ca>
Sat, 14 May 2022 18:35:44 +0000 (19:35 +0100)
Gbp-Pq: Name ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch

libraries/libldap/tls2.c

index d25c190eab52a9bec4d6c81812a7a7014f3d71f6..c642469d97236e22938c4df6a2ea0b68e1c4032c 100644 (file)
@@ -1220,6 +1220,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
                }
        }
 
+       /* Rewind and prepare to extract */
+       ber_rewind( ber );
+       tag = ber_first_element( ber, &len, &dn_end );
+       if ( tag == LBER_DEFAULT )
+               return LDAP_DECODING_ERROR;
+
        /* Allocate the DN/RDN/AVA stuff as a single block */    
        dnsize = sizeof(LDAPRDN) * (nrdns+1);
        dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
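Review bot: The new guard at `tag = ber_first_element( ber, &len, &dn_end ); if ( tag == LBER_DEFAULT ) return LDAP_DECODING_ERROR;` is deliberately placed before the single-block allocation that follows, so a truncated or malformed outer sequence can be rejected with no cleanup path, but the moved comment only says "Rewind and prepare to extract" and does not record that ordering constraint. A later edit that hoists the allocation above the check would silently reintroduce a leak on the error path, so I would make the intent explicit: `/* Rewind and validate the outer SEQUENCE before allocating, so a decoding error needs no cleanup */`. The enclosing ldap_X509dn2bv body starts and ends outside this hunk, so whether an earlier counting pass already rejected other malformed encodings cannot be confirmed from here.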
@@ -1231,16 +1237,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
        } else {
                newDN = (LDAPDN)(char *)ptrs;
        }
-       
+
        newDN[nrdns] = NULL;
        newRDN = (LDAPRDN)(newDN + nrdns+1);
        newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
        baseAVA = newAVA;
 
-       /* Rewind and start extracting */
-       ber_rewind( ber );
-
-       tag = ber_first_element( ber, &len, &dn_end );
        for ( i = nrdns - 1; i >= 0; i-- ) {
                newDN[i] = newRDN;