From 47c8c586908605d2f52636701a0a265231750d84 Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Wed, 3 Jun 2020 04:50:39 -0500
Subject: [PATCH] Fix crash if empty certificate is provided in PKI list

---
 src/libtdeldap.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index c217398..b92ed47 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1069,6 +1069,10 @@ int LDAPManager::updateUserInfo(LDAPUserInfo user, TQString *errstr) {
 		for (it = user.pkiCertificates.begin(); it != user.pkiCertificates.end(); ++it) {
 			PKICertificateEntry certificateData = *it;
 
+			// Don't attempt to load empty certificates
+			if (certificateData.second.size() < 1)
+				continue;
+
 			TQCString ssldata(certificateData.second);
 			ssldata[certificateData.second.size()] = 0;
 			ssldata.replace("-----BEGIN CERTIFICATE-----", "");
@@ -4750,6 +4754,10 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
 			for (it = user.pkiCertificates.begin(); it != user.pkiCertificates.end(); ++it) {
 				PKICertificateEntry certificateData = *it;
 
+				// Don't attempt to load empty certificates
+				if (certificateData.second.size() < 1)
+					continue;
+
 				TQCString ssldata(certificateData.second);
 				ssldata[certificateData.second.size()] = 0;
 				ssldata.replace("-----BEGIN CERTIFICATE-----", "");