dieter@dkluenter.de wrote:
The problem is in slap_parse_sync_cookie(); when no cookie is passed, a string containing "rid=001" is parsed. The parser expects it to end with a comma. If passing "rid=001" is correct, the fix is trivial: instead of checking for (*next != ','), check for (*next && *next != ',').
Index: servers/slapd/ldapsync.c =================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/ldapsync.c,v retrieving revision 1.42 diff -u -r1.42 ldapsync.c --- servers/slapd/ldapsync.c 18 May 2007 12:46:52 -0000 1.42 +++ servers/slapd/ldapsync.c 9 Jun 2007 09:42:24 -0000 @@ -180,7 +180,10 @@ if ( !strncmp( next, "rid=", STRLENOF("rid=") )) { rid_ptr = next; cookie->rid = strtoul( &rid_ptr[ STRLENOF( "rid=" ) ], &next, 10 ); - if ( next == rid_ptr || next > end || *next != ',' ) { + if ( next == rid_ptr + || next > end + || ( *next && *next != ',' ) ) + { return -1; } if ( *next == ',' ) { @@ -194,7 +197,10 @@ if ( !strncmp( next, "sid=", STRLENOF("sid=") )) { rid_ptr = next; cookie->sid = strtoul( &rid_ptr[ STRLENOF( "sid=" ) ], &next, 16 ); - if ( next == rid_ptr || next > end || *next != ',' ) { + if ( next == rid_ptr + || next > end + || ( *next && *next != ',' ) ) + { return -1; } if ( *next == ',' ) {
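Review bot: In the rid hunk (@@ -180), the `next == rid_ptr` test cannot catch an empty number, because strtoul() is called on `&rid_ptr[ STRLENOF( "rid=" ) ]` and, when it converts nothing, leaves next at that address rather than at rid_ptr. With the trailing comma no longer required, a bare "rid=" at the end of the string would now be accepted as rid 0. Suggest comparing next against the start of the digits, i.e. `next == &rid_ptr[ STRLENOF( "rid=" ) ]`, so that an empty value is rejected whether or not a comma follows.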
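Review bot: In the sid hunk (@@ -197), the new `( *next && *next != ',' )` test treats `*next == '\0'` as the end of the cookie, but only `next > end` is rejected before it, so *next is read when next == end. That is correct only if the cookie value is guaranteed to be NUL-terminated at end, which these lines do not show; either test `next < end` before reading *next or add a comment stating that guarantee. The condition is also an exact copy of the one in the rid branch and still uses the name rid_ptr for the sid value, so a small shared helper for "parse number, expect comma or end" would keep the two branches from drifting apart.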
I'm not committing this fix because I'm not sure it doesn't break anything else.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------