- if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) {
- if ( (cval = strchr( rid_ptr, ',' )) != NULL ) {
- *cval = '\0';
- }
- cookie->rid = atoi( rid_ptr + sizeof("rid=") - 1 );
- if ( cval != NULL ) {
- *cval = ',';
- }
- } else {
+ /* FIXME: may read past end of cookie->octet_str.bv_val */
+ rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" );
+ if ( rid_ptr == NULL
+ || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] )
+ {
+ return -1;
+ }
+
+ cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+ if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) {