From 9ee6f328cbf68f7ffdf789bc2ff8e5ffe4ca9743 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 20 Oct 2022 12:20:00 +0100
Subject: [PATCH] ITS#9935 slapd UTF8StringValidate: fix read past end of
 string

Harmless, length check at end of routine would have returned an
error anyway.
---
 servers/slapd/schema_init.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index d753936d08..4564043826 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1823,6 +1823,8 @@ UTF8StringValidate(
 	for( ; u < end; u += len ) {
 		/* get the length indicated by the first byte */
 		len = LDAP_UTF8_CHARLEN2( u, len );
+		if ( u + len > end )
+			return LDAP_INVALID_SYNTAX;
 
 		/* very basic checks */
 		switch( len ) {
-- 
2.47.3