From 0380a705304a4c1f4311c9c3f21255ed25138c94 Mon Sep 17 00:00:00 2001
From: Ilias Stamatis <stamatis.iliass@gmail.com>
Date: Mon, 31 Jul 2017 02:43:11 +0300
Subject: [PATCH] Issue 49309 - syntax checking on referint's delay attr

Bug Description: According to the documentation when
referint-update-delay is set to -1, it means that "No check for
referential integrity is performed". However, the server will not accept
such a value. Additionally, if we set a non-numerical value such as
a random string, the server will happily accept it.

Fix Description: Validate the input for referint-update-delay. Accept
the value only if it is an integer and it is more than -1.

https://pagure.io/389-ds-base/issue/49309

Author: Ilias95

Review by: ???
---
 ldap/servers/plugins/referint/referint.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c
index 20c45733d..cf7ac3199 100644
--- a/ldap/servers/plugins/referint/referint.c
+++ b/ldap/servers/plugins/referint/referint.c
@@ -311,13 +311,17 @@ load_config(Slapi_PBlock *pb, Slapi_Entry *config_entry, int apply)
         rc = SLAPI_PLUGIN_FAILURE;
         goto done;
     } else {
-        /* set these to -1 for config validation */
-        tmp_config->delay = -1;
+        /* set these for config validation */
+        tmp_config->delay = -2;
         tmp_config->logchanges = -1;
     }
 
     if ((value = slapi_entry_attr_get_charptr(config_entry, REFERINT_ATTR_DELAY))) {
-        tmp_config->delay = atoi(value);
+        char *endptr = NULL;
+        tmp_config->delay = strtol(value, &endptr, 10);
+        if (!(value && !*endptr) || tmp_config->delay < -1) {
+            tmp_config->delay = -2;
+        }
         slapi_ch_free_string(&value);
         new_config_present = 1;
     }
@@ -337,8 +341,8 @@ load_config(Slapi_PBlock *pb, Slapi_Entry *config_entry, int apply)
 
     if (new_config_present) {
         /* Verify we have everything we need */
-        if (tmp_config->delay == -1) {
-            slapi_log_err(SLAPI_LOG_ERR, REFERINT_PLUGIN_SUBSYSTEM, "load_config - Plugin configuration is missing %s\n",
+        if (tmp_config->delay == -2) {
+            slapi_log_err(SLAPI_LOG_ERR, REFERINT_PLUGIN_SUBSYSTEM, "load_config - Plugin configuration is missing or is incorrect %s\n",
                           REFERINT_ATTR_DELAY);
             rc = SLAPI_PLUGIN_FAILURE;
         } else if (!tmp_config->logfile) {
-- 
2.13.3