X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=de04c393524581d09b2a966ef44f95376c8ef182;hb=34f4c2cb97dd6c7851e30298c7e014e170f54665;hp=5ecf2590f799c9c4c5f52edaa29b985b5a397f1b;hpb=b4cb3e39c693e091436953ad35a36ce46ad54ef4;p=openldap diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c index 5ecf2590f7..de04c39352 100644 --- a/servers/slapd/ldapsync.c +++ b/servers/slapd/ldapsync.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2003-2005 The OpenLDAP Foundation. + * Copyright 2003-2006 The OpenLDAP Foundation. * Portions Copyright 2003 IBM Corporation. * All rights reserved. * @@ -38,24 +38,30 @@ slap_compose_sync_cookie( int rid ) { char cookiestr[ LDAP_LUTIL_CSNSTR_BUFSIZE + 20 ]; + int len; if ( BER_BVISNULL( csn )) { if ( rid == -1 ) { cookiestr[0] = '\0'; + len = 0; } else { - snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20, + len = snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20, "rid=%03d", rid ); } } else { - if ( rid == -1 ) { - snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20, - "csn=%s", csn->bv_val ); - } else { - snprintf( cookiestr, LDAP_LUTIL_CSNSTR_BUFSIZE + 20, - "csn=%s,rid=%03d", csn->bv_val, rid ); + char *end = cookiestr + sizeof(cookiestr); + char *ptr = lutil_strcopy( cookiestr, "csn=" ); + len = csn->bv_len; + if ( ptr + len >= end ) + len = end - ptr; + ptr = lutil_strncopy( ptr, csn->bv_val, len ); + if ( rid != -1 && ptr < end - STRLENOF(",rid=xxx") ) { + ptr += sprintf( ptr, ",rid=%03d", rid ); } + len = ptr - cookiestr; } - ber_str2bv( cookiestr, strlen(cookiestr), 1, cookie ); + ber_str2bv_x( cookiestr, len, 1, cookie, + op ? op->o_tmpmemctx : NULL ); } void @@ -86,7 +92,8 @@ slap_sync_cookie_free( int slap_parse_sync_cookie( - struct sync_cookie *cookie + struct sync_cookie *cookie, + void *memctx ) { char *csn_ptr; @@ -94,27 +101,56 @@ slap_parse_sync_cookie( int csn_str_len; int valid = 0; char *rid_ptr; - char *rid_str; char *cval; + char *next; if ( cookie == NULL ) return -1; + if ( cookie->octet_str.bv_len <= STRLENOF( "rid=" ) ) + return -1; + + cookie->rid = -1; + /* FIXME: may read past end of cookie->octet_str.bv_val */ + rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" ); + if ( rid_ptr == NULL + || rid_ptr > &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "rid=" ) ] ) + { + return -1; + } + + if ( rid_ptr[ STRLENOF( "rid=" ) ] == '-' ) { + return -1; + } + + cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 ); + if ( next == &rid_ptr[ STRLENOF( "rid=" ) ] || ( next[ 0 ] != ',' && next[ 0 ] != '\0' ) ) { + return -1; + } + while (( csn_ptr = strstr( cookie->octet_str.bv_val, "csn=" )) != NULL ) { AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp; slap_syntax_validate_func *validate; struct berval stamp; + /* This only happens when called from main */ + if ( ad == NULL ) + break; + + if ( csn_ptr >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len - STRLENOF( "csn=" ) ] ) { + return -1; + } + csn_str = csn_ptr + STRLENOF("csn="); cval = strchr( csn_str, ',' ); - if ( cval ) + if ( cval && cval < &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) csn_str_len = cval - csn_str; else csn_str_len = 0; /* FIXME use csnValidate when it gets implemented */ csn_ptr = strchr( csn_str, '#' ); - if ( !csn_ptr ) break; + if ( !csn_ptr || csn_str >= &cookie->octet_str.bv_val[ cookie->octet_str.bv_len ] ) break; stamp.bv_val = csn_str; stamp.bv_len = csn_ptr - csn_str; @@ -125,22 +161,11 @@ slap_parse_sync_cookie( break; } if ( valid ) { - ber_str2bv( csn_str, csn_str_len, 1, &cookie->ctxcsn ); + ber_str2bv_x( csn_str, csn_str_len, 1, &cookie->ctxcsn, memctx ); } else { BER_BVZERO( &cookie->ctxcsn ); } - if (( rid_ptr = strstr( cookie->octet_str.bv_val, "rid=" )) != NULL ) { - rid_str = SLAP_STRNDUP( rid_ptr, - SLAP_SYNC_RID_SIZE + sizeof("rid=") - 1 ); - if ( (cval = strchr( rid_str, ',' )) != NULL ) { - *cval = '\0'; - } - cookie->rid = atoi( rid_str + sizeof("rid=") - 1 ); - ch_free( rid_str ); - } else { - cookie->rid = -1; - } return 0; } @@ -176,9 +201,7 @@ slap_dup_sync_cookie( struct sync_cookie *src ) { - int i; struct sync_cookie *new; - struct berval tmp_bv; if ( src == NULL ) return NULL;