[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6394) syncrepl accepts rid>999 then assumes rid<=999

Full_Name: Hallvard B Furuseth
Version: HEAD, RE24
Submission from: (NULL) (
Submitted by: hallvard

syncrepl accepts rid values in range [0, SLAP_SYNC_SID_MAX(4095)], but
proceeds to assume the rid is in range [0, SLAP_SYNC_RID_MAX (999)].
This can produce buffer overruns for such rids.

slapd.conf(5) says max rid = 4095, since ITS#5108.

Possible fixes: either to revert to a limit of 999, or expand to 4
digits to support the documented behavior, or to make them hex to keep
the documented limit but still max 3 digits.