X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fldapsync.c;h=f71bedaf45fdd18f831a3a4a94f0429c3a91916d;hb=eb3e92481bfbc655164e5c66aa3499a4315ac6ea;hp=99905ac67718307073724ce3ad902d686fc1ad65;hpb=7dc7c60c4bee16d1fcc1a6bc71aac881bdceb866;p=openldap

diff --git a/servers/slapd/ldapsync.c b/servers/slapd/ldapsync.c
index 99905ac677..f71bedaf45 100644
--- a/servers/slapd/ldapsync.c
+++ b/servers/slapd/ldapsync.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2007 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *
@@ -146,8 +146,8 @@ slap_parse_csn_sid( struct berval *csnp )
 
 	csn.bv_len = q - p;
 
-	i = (int)strtoul( p, &q, 16 );
-	if ( p == q || q != p + csn.bv_len || i > SLAP_SYNC_SID_MAX ) {
+	i = strtol( p, &q, 16 );
+	if ( p == q || q != p + csn.bv_len || i < 0 || i > SLAP_SYNC_SID_MAX ) {
 		i = -1;
 	}
 
@@ -174,7 +174,6 @@ slap_parse_sync_cookie(
 {
 	char *csn_ptr;
 	char *csn_str;
-	char *rid_ptr;
 	char *cval;
 	char *next, *end;
 	AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
@@ -195,11 +194,13 @@ slap_parse_sync_cookie(
 
 	for ( next=cookie->octet_str.bv_val; next < end; ) {
 		if ( !strncmp( next, "rid=", STRLENOF("rid=") )) {
-			rid_ptr = next;
-			cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
+			char *rid_ptr = next;
+			cookie->rid = strtol( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 );
 			if ( next == rid_ptr ||
 				next > end ||
-				( *next && *next != ',' ) )
+				( *next && *next != ',' ) ||
+				cookie->rid < 0 ||
+				cookie->rid > SLAP_SYNC_RID_MAX )
 			{
 				return -1;
 			}
@@ -212,11 +213,14 @@ slap_parse_sync_cookie(
 			continue;
 		}
 		if ( !strncmp( next, "sid=", STRLENOF("sid=") )) {
-			rid_ptr = next;
-			cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
-			if ( next == rid_ptr ||
+			char *sid_ptr = next;
+			sid_ptr = next;
+			cookie->sid = strtol( &sid_ptr[ STRLENOF( "sid=" ) ], &next, 16 );
+			if ( next == sid_ptr ||
 				next > end ||
-				( *next && *next != ',' ) )
+				( *next && *next != ',' ) ||
+				cookie->sid < 0 ||
+				cookie->sid > SLAP_SYNC_SID_MAX )
 			{
 				return -1;
 			}