Add ldap_pvt_thread_pool_retract() to cancel pending threads

[openldap] / servers / slapd / ldapsync.c

diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c
index 5870635a699c1cdd73cd90348f654260acc2a44a..f71bedaf45fdd18f831a3a4a94f0429c3a91916d 100644 (file)
--- a/servers/slapd/ldapsync.c
+++ b/servers/slapd/ldapsync.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *
@@ -120,20 +120,37 @@ slap_sync_cookie_free(
 }
 
 int
-slap_parse_csn_sid( struct berval *csn )
+slap_parse_csn_sid( struct berval *csnp )
 {
        char *p, *q;
+       struct berval csn = *csnp;
        int i;
 
-       p = memchr( csn->bv_val, '#', csn->bv_len );
-       if ( p )
-               p = strchr( p+1, '#' );
+       p = ber_bvchr( &csn, '#' );
        if ( !p )
                return -1;
        p++;
-       i = strtoul( p, &q, 10 );
-       if ( p == q || i > SLAP_SYNC_SID_MAX )
+       csn.bv_len -= p - csn.bv_val;
+       csn.bv_val = p;
+
+       p = ber_bvchr( &csn, '#' );
+       if ( !p )
+               return -1;
+       p++;
+       csn.bv_len -= p - csn.bv_val;
+       csn.bv_val = p;
+
+       q = ber_bvchr( &csn, '#' );
+       if ( !q )
+               return -1;
+
+       csn.bv_len = q - p;
+
+       i = strtol( p, &q, 16 );
+       if ( p == q || q != p + csn.bv_len || i < 0 || i > SLAP_SYNC_SID_MAX ) {
                i = -1;
+       }
+
        return i;
 }
 
@@ -157,7 +174,6 @@ slap_parse_sync_cookie(
 {
        char *csn_ptr;
        char *csn_str;
-       char *rid_ptr;
        char *cval;
        char *next, *end;
        AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
@@ -178,9 +194,14 @@ slap_parse_sync_cookie(
 
        for ( next=cookie->octet_str.bv_val; next < end; ) {
                if ( !strncmp( next, "rid=", STRLENOF("rid=") )) {
-                       rid_ptr = next;
-                       cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
-                       if ( next == rid_ptr || next > end || *next != ',' ) {
+                       char *rid_ptr = next;
+                       cookie->rid = strtol( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+                       if ( next == rid_ptr ||
+                               next > end ||
+                               ( *next && *next != ',' ) ||
+                               cookie->rid < 0 ||
+                               cookie->rid > SLAP_SYNC_RID_MAX )
+                       {
                                return -1;
                        }
                        if ( *next == ',' ) {
@@ -192,9 +213,15 @@ slap_parse_sync_cookie(
                        continue;
                }
                if ( !strncmp( next, "sid=", STRLENOF("sid=") )) {
-                       rid_ptr = next;
-                       cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
-                       if ( next == rid_ptr || next > end || *next != ',' ) {
+                       char *sid_ptr = next;
+                       sid_ptr = next;
+                       cookie->sid = strtol( &sid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
+                       if ( next == sid_ptr ||
+                               next > end ||
+                               ( *next && *next != ',' ) ||
+                               cookie->sid < 0 ||
+                               cookie->sid > SLAP_SYNC_SID_MAX )
+                       {
                                return -1;
                        }
                        if ( *next == ',' ) {