openldap/CVE-2020-36221-2.patch

From 58c1748e81c843c5b6e61648d2a4d1d82b47e842 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 14 Dec 2020 19:03:27 +0000
Subject: [PATCH] ITS#9424 fix serialNumberAndIssuerSerialCheck

---
 servers/slapd/schema_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index d697fa108..e035c1a6a 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck(
 	if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
 
 	/* no old format */
-	if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
+	if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
 
 	x.bv_val++;
 	x.bv_len -= 2;
-- 
GitLab