(ITS#8566) OpenLDAP client API SASL auth memory leak

Full_Name: Bill Clay Version: 2.4.44 OS: Debian/GNU Linux 7.8 (Wheezy) URL: Submission from: (NULL) (79.12.44.250) Valgrind runs of a testbed script driving an OpenLDAP API client module I am developing appear to show a consistent, reproducible memory leak ("lost memory") when using the SASL default authentication mech (DIGEST-MD5 for my system) over any underlying transport: ldapi://, ldap://, ldaps://. The first two transports show identical symptoms with or without startTLS prior to authentication. Additional test and symptom details: * Using the same testbed and client module and either SASL mech EXTERNAL or LDAP simple bind, valgrind indicates no lost memory. * Symptoms are constant with or without proxy authz (i.e., a SASL interactive callback SASL_CB_USER response). * I have not configured or tested other SASL mechs in this environment. * The FIRST SASL authentication of a process does NOT show a memory leak. * Each SASL authentication of a process AFTER the first shows a one additional realloc leak of the same size (500-600 bytes depending on bind details). * The iterative test is: [ldap_initialize()], [ldap_start_tls_s()], ldap_sasl_interactive_bind_s(), [ldap_search_ext_s()], [ldap_whoami_s()], [ldap_unbind_ext_s()], where [] indicates calls whose omission yields no change in symptoms (except initialize is always called for the first iteration of a sequence and after an unbind; unbind is always called after the last iteration). Environment: Debian 7 Wheezy OpenLDAP v. 2.4.44 original (not Debian) source custom build: ./configure --sysconfdir=/etc --localstedirir=/ \ --disable-backends --enable-mdb --enable-monitor \ --enable-crypt --enable-cleartext \ --with-cyrus-sasl --enable-spasswd --enable-syslog --enable-local \ --disable-overlays --enable-memberof --enable-refint --enable-unique \ --disable-modules --with-tls --with-threads --with-gnu-ld Sample valgrind output (the call stack is always the same, except for exact addresses): bill@fuji:/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap$ LD_PRELOAD=/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap/mldap.so valgrind --leak-check=full /usr/local/src/altit-sso/lf-ldap/mldap_full_test.lua ==4149== Memcheck, a memory error detector ==4149== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==4149== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==4149== Command: /usr/local/src/altit-sso/lf-ldap/mldap_full_test.lua ==4149== create cctx regkey 556aeaf3c864af2e_mldap_connection, cctx=0699c028, stack 0 1 1 SASL bind uid %2p%p/w enter mldap_bind(), regkey=556aeaf3c864af2e_mldap_connection, cctx=0x699c028 mldap_bind call ldap_initialize("ldap://fuji.pvt.suresys.com") mldap_bind after ldap_bind(0x699cac0), cctx=0x699c028 DIGEST-MD5,CRAM-MD5,NTLM dn:uid=jdoe,ou=persone,dc=altraitalia,dc=test < snip - 8 iterations removed > 10 1 SASL bind uid + p/w enter mldap_bind(), regkey=556aeaf3c864af2e_mldap_connection, cctx=0x699c028 mldap_bind after ldap_bind(0x699cac0), cctx=0x699c028 DIGEST-MD5,CRAM-MD5,LMLM dn:uid=jdoe,ou=persone,dc=altraitalia,dc=test unbind cctx->ldp=0x699cac0 exit unbind normal termination, 10 iterations enter mldap_gc(); cctx->ldp=0 exit mldap_gc() ==4149== ==4149== HEAP SUMMARY: ==4149== in use at exit: 45,614 bytes in 334 blocks ==4149== total heap usage: 3,543 allocs, 3,209 frees, 169,733,045 bytes allocated ==4149== ==4149== 4,896 bytes in 9 blocks are definitely lost in loss record 122 of 124 ==4149== at 0x4C28CCE: realloc (vg_replace_malloc.c:632) ==4149== by 0x7712426: _plug_buf_alloc (in /usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25) ==4149== by 0x770C232: add_to_challenge (in /usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25) ==4149== by 0x770E689: make_client_response (in /r%r/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25) ==4149== by 0x770EC97: digestmd5_client_mech_step (in /usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25) ==4149== by 0x5CD03AD: sasl_client_step (in /usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25) ==4149== by 0x5CD08DA: sasl_client_start (in /usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25) ==4149== by 0x405386E: ldap_int_sasl_bind (cyrus.c:510) ==4149== by 0x4056E5F: ldap_sasl_interactive_bind (sasl.c:487) ==4149== by 0x405702B: ldap_sasl_interactive_bind_s (sasl.c:521) ==4149== by 0x4027663: mldap_bind (mldap.c:647) ==4149== by 0x408C31: luaD_precall (in /usr/bin/lua5.2) ==4149== ==4149== LEAK SUMMARY: ==4149== definitely lost: 4,896 bytes in 9 blocks ==4149== indirectly lost: 0 bytes in 0 blocks ==4149== possibly lost: 0 bytes in 0 blocks ==4149== still reachable: 40,718 bytes in 325 blocks ==4149== suppressed: 0 bytes in 0 blocks ==4149== Reachable blocks (those to which a pointer was found) are not shown.D%D ==4149== To see them, rerun with: --leak-check=full --show-reachable=yes ==4149== ==4149== For counts of detected and suppressed errors, rerun with: -v ==4149== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 31 from 7) bill@fuji:/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap$