CLEANALLRUV coverity fixes

There was code that allowed for a static buffer overflow(CLEANRIDSIZ) in a few places,
but there are previous checks that make this impossible to over run.

A small potential memory leak was also fixed.

Reviewed by: Noriko(Thanks!)

ldap/servers/plugins/replication/repl5_agmt.c

@@ -434,7 +434,7 @@ agmt_new_from_entry(Slapi_Entry *e)
 		for (i = 0; i < CLEANRIDSIZ && clean_vals[i]; i++){
 			ra->cleanruv_notified[i] = atoi(clean_vals[i]);
 		}
-		if(i <= CLEANRIDSIZ)
+		if(i < CLEANRIDSIZ)
 		    ra->cleanruv_notified[i + 1] = 0;
 		slapi_ch_array_free(clean_vals);
 	} else {
@@ -2676,7 +2676,7 @@ agmt_set_cleanruv_notified_from_entry(Repl_Agmt *ra, Slapi_Entry *e){
         for (i = 0; i < CLEANRIDSIZ && attr_vals[i]; i++){
             ra->cleanruv_notified[i] = atoi(attr_vals[i]);
         }
-        if( i <= CLEANRIDSIZ )
+        if( i < CLEANRIDSIZ )
             ra->cleanruv_notified[i + 1] = 0;
         slapi_ch_array_free(attr_vals);
     } else {

ldap/servers/plugins/replication/repl5_replica.c

@@ -1954,6 +1954,7 @@ done:
                 if(payload == NULL){
                     slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: failed to create extended "
                         "op payload\n");
+                    slapi_ch_free((void **)&data);
                 } else {
                     /* setup the data */
                     data->repl_obj = NULL;
@@ -3796,10 +3797,10 @@ replica_add_cleanruv_data(Replica *r, char *val)
     PR_Lock(r->repl_lock);
 
     for (i = 0; i < CLEANRIDSIZ && r->repl_cleanruv_data[i] != NULL; i++); /* goto the end of the list */
-    if( i < CLEANRIDSIZ)
+    if( i < CLEANRIDSIZ){
         r->repl_cleanruv_data[i] = slapi_ch_strdup(val); /* append to list */
-    if(i <= CLEANRIDSIZ)
-        r->repl_cleanruv_data[i + 1] = NULL;
+        r->repl_cleanruv_data[i + 1] = 0;
+    }
 
     PR_Unlock(r->repl_lock);
 }