[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6394) syncrepl accepts rid>999 then assumes rid<=999

h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD, RE24
> OS: 
> URL: 
> Submission from: (NULL) (
> Submitted by: hallvard
> syncrepl accepts rid values in range [0, SLAP_SYNC_SID_MAX(4095)], but
> proceeds to assume the rid is in range [0, SLAP_SYNC_RID_MAX (999)].
> This can produce buffer overruns for such rids.
> slapd.conf(5) says max rid = 4095, since ITS#5108.
> Possible fixes: either to revert to a limit of 999, or expand to 4
> digits to support the documented behavior, or to make them hex to keep
> the documented limit but still max 3 digits.

I've opted to revert to 999. The previous behavior was completely broken
anyway; aside from the syncrepl config parser all of the rest of the
infrastructure was still treating rids as 3 decimal digits: the config
unparser, slapd-config(5), slap_compose_sync_cookie, slap_parse_sync_cookie,
etc. etc... All of these would have had to change to hex to make the 4095
limit work, and they weren't. Also, for backward compatibility with 2.3, they

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/