Issue 4506 - BUG - fix oob alloc for fds (#4555)

Bug Description: during review it was requested that a piece of code be changed which seemed quite innocent. The code was moved but the logic around the code wasn't considered causing the fd array for the accept thread to be allocated with a size of zero, causing the values to be lost. Fix Description: Move the allocation to the correct location. fixes: #4506 Author: William Brown <william@blackhats.net.au> Review by: @mreynolds389 @droideck
389ds · Jan 28, 2021 · 6392435 · 6392435
1 parent 5f48459
commit 6392435
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
@@ -83,6 +83,7 @@ static int writesignalpipe = SLAPD_INVALID_SOCKET;
 static int readsignalpipe = SLAPD_INVALID_SOCKET;
 #define FDS_SIGNAL_PIPE 0
 
+static PRThread *accept_thread_p = NULL;
 static PRThread *disk_thread_p = NULL;
 static PRCondVar *diskmon_cvar = NULL;
 static PRLock *diskmon_mutex = NULL;
@@ -1300,9 +1301,7 @@ setup_pr_accept_pds(PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_uni
     LBER_SOCKET socketdesc = SLAPD_INVALID_SOCKET;
     PRIntn count = 0;
     size_t n_listeners = 0;
-    struct POLL_STRUCT *myfds = (struct POLL_STRUCT *)slapi_ch_calloc(1, (count + 1) * sizeof(struct POLL_STRUCT));
-    /* Setup the return ptr */
-    *fds = myfds;
+    struct POLL_STRUCT *myfds = NULL;
 
     /* How many fds do we have? */
     if (n_tcps != NULL) {
@@ -1320,6 +1319,10 @@ setup_pr_accept_pds(PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_uni
     }
 #endif
 
+    /* Setup the return ptr and alloc the struct */
+    myfds = (struct POLL_STRUCT *)slapi_ch_calloc(1, (count + 1) * sizeof(struct POLL_STRUCT));
+    *fds = myfds;
+
     /* Reset count. */
     count = 0;