X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=693bf7c7e38b46abe777d51c73a31dd1fe48cfd1;hb=5714f8565ff4228270ed2c97f78f5b31ce085b6e;hp=9d335860dfbb9c8057d27fc211f02f7bc7a1fd82;hpb=0b2a428a291723a3faff3d07fa578441a926b62d;p=openldap
diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c
index 9d335860df..693bf7c7e3 100644
--- a/servers/slapd/ldapsync.c
+++ b/servers/slapd/ldapsync.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2006 The OpenLDAP Foundation.
 * Portions Copyright 2003 IBM Corporation.
 * All rights reserved.
 *
@@ -38,24 +38,30 @@ slap_compose_sync_cookie(
 int rid )
 {
 char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ];
+ int len;
 if ( BER_BVISNULL( csn )) {
 if ( rid == -1 ) {
 cookiestr[0] = '\0';
+ len = 0;
 } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
+ len = snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
 "rid=%03d", rid );
 }
 } else {
- if ( rid == -1 ) {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s", csn->bv_val );
- } else {
- snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20,
- "csn=%s,rid=%03d", csn->bv_val, rid );
+ char *end = cookiestr + sizeof(cookiestr);
+ char *ptr = lutil_strcopy( cookiestr, "csn=" );
+ len = csn->bv_len;
+ if ( ptr + len >= end )
+ len = end - ptr;
+ ptr = lutil_strncopy( ptr, csn->bv_val, len );
+ if ( rid != -1 && ptr < end - STRLENOF(",rid=xxx") ) {
+ ptr += sprintf( ptr, ",rid=%03d", rid );
 }
+ len = ptr - cookiestr;
 }
- ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie );
+ ber_str2bv_x( cookiestr, len, 1, cookie,
+ op ? op->o_tmpmemctx : NULL );
 }
 void
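Review bot: The added `ptr += sprintf( ptr, ",rid=%03d", rid );` is an unbounded write, and the guard `ptr < end - STRLENOF(",rid=xxx")` reserves room for three digits only; `%03d` is a minimum width, so an `int rid` above 999, or a negative value other than -1, can run past the end of `cookiestr`, where the removed snprintf() calls would have truncated. Unless callers outside this hunk are known to keep rid within 0..999, bound the write with `int n = snprintf( ptr, end - ptr, ",rid=%03d", rid );` followed by `if ( n > 0 && n < end - ptr ) ptr += n;`. The clamp just above has a related weakness: `ptr + len >= end` forms an out-of-range pointer when `csn->bv_len` is large, and `len = end - ptr` lets the copy fill the buffer to its last byte, so `if ( len >= end - ptr ) len = end - ptr - 1;` is safer (lutil_strncopy's terminator behaviour is not visible here and should be confirmed). The function's signature begins above the hunk.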
@@ -96,20 +102,28 @@ slap_parse_sync_cookie(
 int valid = 0;
 char *rid_ptr;
 char *cval;
+ char *next;
 if ( cookie == NULL ) return -1;
+ if ( cookie->octet_str.bv_len <= STRLENOF( "rid=" ) )
+ return -1;
+
 cookie->rid = -1;
- if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) {
- if ( (cval = strchr( rid_ptr, ',' )) != NULL ) {
- *cval = '\0';
- }
- cookie->rid = atoi( rid_ptr + sizeof("rid=") - 1 );
- if ( cval != NULL ) {
- *cval = ',';
- }
- } else {
+ /* FIXME: may read past end of cookie->octet_str.bv_val */
+ rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" );
+ if ( rid_ptr == NULL
+ || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] )
+ {
+ return -1;
+ }
+
+ if ( rid_ptr[ STRLENOF( "rid=" ) ] == '-' ) {
+ return -1;
+ }
+ cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+ if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) {
 return -1;
 }
@@ -122,16 +136,20 @@ slap_parse_sync_cookie(
 if ( ad == NULL ) break;
+ if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) {
+ return -1;
+ }
+
 csn_str = csn_ptr + STRLENOF("csn=");
 cval = strchr( csn_str, ',' );
- if ( cval )
+ if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] )
 csn_str_len = cval - csn_str;
 else
 csn_str_len = 0;
 /* FIXME use csnValidate when it gets implemented */
 csn_ptr = strchr( csn_str, '#' );
- if ( !csn_ptr ) break;
+ if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break;
 stamp.bv_val = csn_str;
 stamp.bv_len = csn_ptr - csn_str;
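Review bot: The `'-'` test in front of strtoul() does not keep negative or oversized values out of `cookie->rid`: strtoul() skips leading white space and accepts a sign, so a value written with a space before the minus passes the test, and the result is stored with no ERANGE or upper-bound check (the composer formats rid with `%03d`, which suggests a small range is expected). Requiring a digit first, `if ( rid_ptr[ STRLENOF( "rid=" ) ] < '0' || rid_ptr[ STRLENOF( "rid=" ) ] > '9' ) return -1;`, and rejecting results above the supported maximum before the assignment would close that. The bound on `rid_ptr` also uses `>` where the matching csn check in the next hunk uses `>=`, so a cookie that ends in `rid=` with no value still reaches strtoul() at `bv_val[bv_len]`; `>=` would be consistent. The function body begins and ends outside this hunk.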
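Review bot: The added condition `csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ]` tests the wrong pointer and can never be true: `csn_str` is already bounded by the `csn_ptr >= ...` check added at the top of this hunk, while the pointer strchr() has just returned, `csn_ptr`, is the one that may lie past `bv_len`. As written, a `#` located beyond the cookie's length still sets `stamp.bv_len`, so the line should read `if ( !csn_ptr || csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break;`. The new early exit uses `return -1` where the surrounding code leaves with `break`; it is worth confirming that skipping whatever follows this block is intended. The enclosing block starts and ends outside the hunk.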