mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-31 14:50:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add better validation of received cookie csn

Browse Source
This commit is contained in:
Howard Chu 2004-12-09 08:49:54 +00:00
parent 4b736945be
commit c83a74f4f3
1 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
servers/slapd/overlays/syncprov.c
View File

@ -1744,9 +1744,29 @@ syncprov_op_search( Operation *op, SlapReply *rs )
sessionlog *sl;
/* Is the CSN in a valid format? */
if ( srs->sr_state.ctxcsn->bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) {
send_ldap_error( op, rs, LDAP_OTHER, "invalid sync cookie" );
return rs->sr_err;
/* FIXME: should use csnValidate when that is implemented */
{
char *ptr;
struct berval timestamp;
slap_syntax_validate_func *validate;
AttributeDescription *ad = slap_schema.si_ad_modifyTimestamp;
if ( srs->sr_state.ctxcsn->bv_len >= LDAP_LUTIL_CSNSTR_BUFSIZE ) {
send_ldap_error( op, rs, LDAP_OTHER, "invalid sync cookie" );
return rs->sr_err;
}
ptr = strchr( srs->sr_state.ctxcsn->bv_val, '#' );
if ( !ptr ) {
send_ldap_error( op, rs, LDAP_OTHER, "invalid sync cookie" );
return rs->sr_err;
}
timestamp.bv_val = srs->sr_state.ctxcsn->bv_val;
timestamp.bv_len = ptr - timestamp.bv_val;
validate = ad->ad_type->sat_syntax->ssyn_validate;
if ( validate( ad->ad_type->sat_syntax, &timestamp )) {
send_ldap_error( op, rs, LDAP_OTHER, "invalid sync cookie" );
return rs->sr_err;
}
}
/* If just Refreshing and nothing has changed, shortcut it */
if ( bvmatch( srs->sr_state.ctxcsn, &ctxcsn )) {