[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6394) syncrepl accepts rid>999 then assumes rid<=999
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6394) syncrepl accepts rid>999 then assumes rid<=999
- From: hyc@symas.com
- Date: Sat, 21 Nov 2009 23:22:09 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: HEAD, RE24
> OS:
> URL:
> Submission from: (NULL) (129.240.6.233)
> Submitted by: hallvard
>
>
> syncrepl accepts rid values in range [0, SLAP_SYNC_SID_MAX(4095)], but
> proceeds to assume the rid is in range [0, SLAP_SYNC_RID_MAX (999)].
> This can produce buffer overruns for such rids.
>
> slapd.conf(5) says max rid = 4095, since ITS#5108.
>
> Possible fixes: either to revert to a limit of 999, or expand to 4
> digits to support the documented behavior, or to make them hex to keep
> the documented limit but still max 3 digits.
I've opted to revert to 999. The previous behavior was completely broken
anyway; aside from the syncrepl config parser all of the rest of the
infrastructure was still treating rids as 3 decimal digits: the config
unparser, slapd-config(5), slap_compose_sync_cookie, slap_parse_sync_cookie,
etc. etc... All of these would have had to change to hex to make the 4095
limit work, and they weren't. Also, for backward compatibility with 2.3, they
can't.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/