X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=f71bedaf45fdd18f831a3a4a94f0429c3a91916d;hb=6d1aa51604a7ae9c44287af5201afc9f43b5e91e;hp=1d7bf3b2bf2e34d1347118e1e5ba1309f95b4669;hpb=578a2b0db4eddbf5a64c208bde9a5b5c0052ca93;p=openldap

diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c
index 1d7bf3b2bf..f71bedaf45 100644
--- a/servers/slapd/ldapsync.c
+++ b/servers/slapd/ldapsync.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *
@@ -120,30 +120,46 @@ slap_sync_cookie_free(
 }
 
 int
-slap_parse_csn_sid( struct berval *csn )
+slap_parse_csn_sid( struct berval *csnp )
 {
 	char *p, *q;
+	struct berval csn = *csnp;
 	int i;
 
-	p = memchr( csn->bv_val, '#', csn->bv_len );
-	if ( p )
-		p = strchr( p+1, '#' );
+	p = ber_bvchr( &csn, '#' );
 	if ( !p )
 		return -1;
 	p++;
-	i = strtoul( p, &q, 10 );
-	if ( p == q || i > SLAP_SYNC_SID_MAX )
+	csn.bv_len -= p - csn.bv_val;
+	csn.bv_val = p;
+
+	p = ber_bvchr( &csn, '#' );
+	if ( !p )
+		return -1;
+	p++;
+	csn.bv_len -= p - csn.bv_val;
+	csn.bv_val = p;
+
+	q = ber_bvchr( &csn, '#' );
+	if ( !q )
+		return -1;
+
+	csn.bv_len = q - p;
+
+	i = strtol( p, &q, 16 );
+	if ( p == q || q != p + csn.bv_len || i < 0 || i > SLAP_SYNC_SID_MAX ) {
 		i = -1;
+	}
+
 	return i;
 }
 
 int *
-slap_parse_csn_sids( BerVarray csns, int numcsns )
+slap_parse_csn_sids( BerVarray csns, int numcsns, void *memctx )
 {
 	int i, *ret;
-	char *p, *q;
 
-	ret = ch_malloc( numcsns * sizeof(int) );
+	ret = slap_sl_malloc( numcsns * sizeof(int), memctx );
 	for ( i=0; i<numcsns; i++ ) {
 		ret[i] = slap_parse_csn_sid( &csns[i] );
 	}
@@ -158,8 +174,6 @@ slap_parse_sync_cookie(
 {
 	char *csn_ptr;
 	char *csn_str;
-	int csn_str_len;
-	char *rid_ptr;
 	char *cval;
 	char *next, *end;
 	AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
@@ -180,9 +194,14 @@ slap_parse_sync_cookie(
 
 	for ( next=cookie->octet_str.bv_val; next < end; ) {
 		if ( !strncmp( next, "rid=", STRLENOF("rid=") )) {
-			rid_ptr = next;
-			cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
-			if ( next == rid_ptr || next > end || *next != ',' ) {
+			char *rid_ptr = next;
+			cookie->rid = strtol( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+			if ( next == rid_ptr ||
+				next > end ||
+				( *next && *next != ',' ) ||
+				cookie->rid < 0 ||
+				cookie->rid > SLAP_SYNC_RID_MAX )
+			{
 				return -1;
 			}
 			if ( *next == ',' ) {
@@ -194,9 +213,15 @@ slap_parse_sync_cookie(
 			continue;
 		}
 		if ( !strncmp( next, "sid=", STRLENOF("sid=") )) {
-			rid_ptr = next;
-			cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
-			if ( next == rid_ptr || next > end || *next != ',' ) {
+			char *sid_ptr = next;
+			sid_ptr = next;
+			cookie->sid = strtol( &sid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
+			if ( next == sid_ptr ||
+				next > end ||
+				( *next && *next != ',' ) ||
+				cookie->sid < 0 ||
+				cookie->sid > SLAP_SYNC_SID_MAX )
+			{
 				return -1;
 			}
 			if ( *next == ',' ) {
@@ -235,7 +260,9 @@ slap_parse_sync_cookie(
 				else
 					stamp.bv_len = end - csn_str;
 				if ( ad ) {
-					value_add_one( &cookie->ctxcsn, &stamp );
+					struct berval bv;
+					ber_dupbv_x( &bv, &stamp, memctx );
+					ber_bvarray_add_x( &cookie->ctxcsn, &bv, memctx );
 					cookie->numcsns++;
 				}
 				if ( cval ) {
@@ -252,7 +279,8 @@ slap_parse_sync_cookie(
 		next++;
 	}
 	if ( cookie->numcsns ) {
-		cookie->sids = slap_parse_csn_sids( cookie->ctxcsn, cookie->numcsns );
+		cookie->sids = slap_parse_csn_sids( cookie->ctxcsn, cookie->numcsns,
+			memctx );
 	}
 	return 0;
 }