"csn=%s,rid=%03d", csn->bv_val, rid );
}
}
- ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie );
+ ber_str2bv_x( cookiestr, strlen(cookiestr), 1, cookie,
+ op ? op->o_tmpmemctx : NULL );
}
void
int
slap_parse_sync_cookie(
- struct sync_cookie *cookie
+ struct sync_cookie *cookie,
+ void *memctx
)
{
char *csn_ptr;
int csn_str_len;
int valid = 0;
char *rid_ptr;
- char *rid_str;
char *cval;
+ char *next;
if ( cookie == NULL )
return -1;
+ if ( cookie->octet_str.bv_len <= STRLENOF( "rid=" ) )
+ return -1;
+
+ cookie->rid = -1;
+ /* FIXME: may read past end of cookie->octet_str.bv_val */
+ rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" );
+ if ( rid_ptr == NULL
+ || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] )
+ {
+ return -1;
+ }
+
+ cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+ if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) {
+ return -1;
+ }
+
while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) {
AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
slap_syntax_validate_func *validate;
struct berval stamp;
+ /* This only happens when called from main */
+ if ( ad == NULL )
+ break;
+
+ if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) {
+ return -1;
+ }
+
csn_str = csn_ptr + STRLENOF("csn=");
cval = strchr( csn_str, ',' );
- if ( cval )
+ if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] )
csn_str_len = cval - csn_str;
else
csn_str_len = 0;
/* FIXME use csnValidate when it gets implemented */
csn_ptr = strchr( csn_str, '#' );
- if ( !csn_ptr ) break;
+ if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break;
stamp.bv_val = csn_str;
stamp.bv_len = csn_ptr - csn_str;
break;
}
if ( valid ) {
- ber_str2bv( csn_str, csn_str_len, 1, &cookie->ctxcsn );
+ ber_str2bv_x( csn_str, csn_str_len, 1, &cookie->ctxcsn, memctx );
} else {
BER_BVZERO( &cookie->ctxcsn );
}
- if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) {
- rid_str = SLAP_STRNDUP( rid_ptr,
- SLAP_SYNC_RID_SIZE + sizeof("rid=") - 1 );
- if ( (cval = strchr( rid_str, ',' )) != NULL ) {
- *cval = '\0';
- }
- cookie->rid = atoi( rid_str + sizeof("rid=") - 1 );
- ch_free( rid_str );
- } else {
- cookie->rid = -1;
- }
return 0;
}
struct sync_cookie *src
)
{
- int i;
struct sync_cookie *new;
- struct berval tmp_bv;
if ( src == NULL )
return NULL;