Full_Name: Pierangelo Masarati Version: HEAD/re24/re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40) Submitted by: ando

Occasionally, strtoul(3) is used in slapd(8) to parse integers that are expected to be unsigned. It seems that strtoul(3) is used under the assumption that it will fail if a negative number is encountered. This is not the case; in fact, by design, negative numbers are read as positive, and negated. If negative numbers are not allowed, strtol(3) should be used instead, and the value should be checked (or the string should be checked for '-' before calling strtoul(3).

p.