X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=bd4680960944e4ce6adc8eb6184eb8f93c6a98b6;hb=294da7ed11a9a5721b15d0ed81682f123e20cbb0;hp=16abf885b0e599ac1a2618f940539a0a44f719dd;hpb=06212e9de9b3d5bb6cbf047e551c77697842f140;p=openldap
diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c
index 16abf885b0..bd46809609 100644
--- a/servers/slapd/ldapsync.c
+++ b/servers/slapd/ldapsync.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003-2008 The OpenLDAP Foundation.
* Portions Copyright 2003 IBM Corporation.
* All rights reserved.
*
@@ -120,20 +120,37 @@ slap_sync_cookie_free(
}
int
-slap_parse_csn_sid( struct berval *csn )
+slap_parse_csn_sid( struct berval *csnp )
{
char *p, *q;
+ struct berval csn = *csnp;
int i;
- p = memchr( csn->bv_val, '#', csn->bv_len );
- if ( p )
- p = strchr( p+1, '#' );
+ p = ber_bvchr( &csn, '#' );
if ( !p )
return -1;
p++;
- i = strtoul( p, &q, 10 );
- if ( p == q || i > SLAP_SYNC_SID_MAX )
+ csn.bv_len -= p - csn.bv_val;
+ csn.bv_val = p;
+
+ p = ber_bvchr( &csn, '#' );
+ if ( !p )
+ return -1;
+ p++;
+ csn.bv_len -= p - csn.bv_val;
+ csn.bv_val = p;
+
+ q = ber_bvchr( &csn, '#' );
+ if ( !q )
+ return -1;
+
+ csn.bv_len = q - p;
+
+ i = strtol( p, &q, 16 );
+ if ( p == q || q != p + csn.bv_len || i < 0 || i > SLAP_SYNC_SID_MAX ) {
i = -1;
+ }
+
return i;
}
@@ -141,7 +158,6 @@ int *
slap_parse_csn_sids( BerVarray csns, int numcsns, void *memctx )
{
int i, *ret;
- char *p, *q;
ret = slap_sl_malloc( numcsns * sizeof(int), memctx );
for ( i=0; ioctet_str.bv_val; next < end; ) {
if ( !strncmp( next, "rid=", STRLENOF("rid=") )) {
- rid_ptr = next;
- cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
- if ( next == rid_ptr || next > end || *next != ',' ) {
+ char *rid_ptr = next;
+ cookie->rid = strtol( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+ if ( next == rid_ptr ||
+ next > end ||
+ ( *next && *next != ',' ) ||
+ cookie->rid < 0 ||
+ cookie->rid > SLAP_SYNC_RID_MAX )
+ {
return -1;
}
if ( *next == ',' ) {
@@ -194,9 +213,15 @@ slap_parse_sync_cookie(
continue;
}
if ( !strncmp( next, "sid=", STRLENOF("sid=") )) {
- rid_ptr = next;
- cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
- if ( next == rid_ptr || next > end || *next != ',' ) {
+ char *sid_ptr = next;
+ sid_ptr = next;
+ cookie->sid = strtol( &sid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
+ if ( next == sid_ptr ||
+ next > end ||
+ ( *next && *next != ',' ) ||
+ cookie->sid < 0 ||
+ cookie->sid > SLAP_SYNC_SID_MAX )
+ {
return -1;
}
if ( *next == ',' ) {