X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=cc1ed8705468df15f5d7fc9f0cdd8c4ed3095684;hb=0cc7ed6d550418bb0d936a557e3b9f119ba54a44;hp=5ecf2590f799c9c4c5f52edaa29b985b5a397f1b;hpb=27f7aa5b54bc4f2d957c73e71ac36ad0bc4247c5;p=openldap diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c index 5ecf2590f7..cc1ed87054 100644 --- a/servers/slapd/ldapsync.c +++ b/servers/slapd/ldapsync.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2003-2005 The OpenLDAP Foundation. + * Copyright 2003-2006 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * All rights reserved. * @@ -55,7 +55,8 @@ slap_compose_sync_cookie( "csn=%s,rid=%03d", csn->bv_val, rid ); } } - ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie ); + ber_str2bv_x( cookiestr, strlen(cookiestr), 1, cookie, + op ? op->o_tmpmemctx : NULL ); } void @@ -86,7 +87,8 @@ slap_sync_cookie_free( int slap_parse_sync_cookie( - struct sync_cookie *cookie + struct sync_cookie *cookie, + void *memctx ) { char *csn_ptr; @@ -94,27 +96,52 @@ slap_parse_sync_cookie( int csn_str_len; int valid = 0; char *rid_ptr; - char *rid_str; char *cval; + char *next; if ( cookie == NULL ) return -1; + if ( cookie->octet_str.bv_len <= STRLENOF( "rid=" ) ) + return -1; + + cookie->rid = -1; + /* FIXME: may read past end of cookie->octet_str.bv_val */ + rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" ); + if ( rid_ptr == NULL + || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] ) + { + return -1; + } + + cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 ); + if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) { + return -1; + } + while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) { AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp; slap_syntax_validate_func *validate; struct berval stamp; + /* This only happens when called from main */ + if ( ad == NULL ) + break; + + if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) { + return -1; + } + csn_str = csn_ptr + STRLENOF("csn="); cval = strchr( csn_str, ',' ); - if ( cval ) + if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) csn_str_len = cval - csn_str; else csn_str_len = 0; /* FIXME use csnValidate when it gets implemented */ csn_ptr = strchr( csn_str, '#' ); - if ( !csn_ptr ) break; + if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break; stamp.bv_val = csn_str; stamp.bv_len = csn_ptr - csn_str; @@ -125,22 +152,11 @@ slap_parse_sync_cookie( break; } if ( valid ) { - ber_str2bv( csn_str, csn_str_len, 1, &cookie->ctxcsn ); + ber_str2bv_x( csn_str, csn_str_len, 1, &cookie->ctxcsn, memctx ); } else { BER_BVZERO( &cookie->ctxcsn ); } - if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) { - rid_str = SLAP_STRNDUP( rid_ptr, - SLAP_SYNC_RID_SIZE + sizeof("rid=") - 1 ); - if ( (cval = strchr( rid_str, ',' )) != NULL ) { - *cval = '\0'; - } - cookie->rid = atoi( rid_str + sizeof("rid=") - 1 ); - ch_free( rid_str ); - } else { - cookie->rid = -1; - } return 0; } @@ -176,9 +192,7 @@ slap_dup_sync_cookie( struct sync_cookie *src ) { - int i; struct sync_cookie *new; - struct berval tmp_bv; if ( src == NULL ) return NULL;