Full_Name: Alexander Sychev Version: 2.4.48 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (91.103.66.207)

Steps to reproduce:

1. Write a test:

#include <ldap.h>

int main() { LDAP* h = NULL; LDAPURLDesc u; memset(&u, 0, sizeof(LDAPURLDesc)); char* s = 0; u.lud_scheme = "ldap"; u.lud_host = "locahost"; u.lud_port = 8080; u.lud_scope = LDAP_SCOPE_DEFAULT ; s = ldap_url_desc2str(&u); ldap_initialize(&h, s); ldap_memfree(s); ldap_unbind_ext_s(h, NULL, NULL); return 0; }

2. Compile it with AddressSanitizer support: gcc test.c -g -fsanitize=address

3. Run the test, analyze AddressSanitizer output: ================================================================= ==29038==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f9d35ac23a8 in __interceptor_calloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:70 #1 0x55d793627512 in ber_memcalloc_x (/tmp/test+0x67512) #2 0x55d79362757b in ber_memcalloc (/tmp/test+0x6757b) #3 0x55d793628a2d in ber_sockbuf_alloc (/tmp/test+0x68a2d) #4 0x55d7935ee453 in ldap_create (/tmp/test+0x2e453) #5 0x55d7935ee628 in ldap_initialize (/tmp/test+0x2e628) #6 0x55d7935ede8e in main /tmp/test.c:14 #7 0x7f9d3442c3d4 in __libc_start_main (/lib64/libc.so.6+0x223d4)

SUMMARY: AddressSanitizer: 40 byte(s) leaked in 1 allocation(s). =================================================================

4. Possible patch: --- openldap/libraries/libldap/unbind.c.orig 2019-07-23 17:46:22.000000000 +0300 +++ openldap/libraries/libldap/unbind.c 2019-09-27 15:39:40.000000000 +0300 @@ -134,6 +134,8 @@ /* Should already be closed by ldap_free_connection which knows not to free * this one */ ber_int_sb_destroy( ld->ld_sb ); + /* free memory to avoid of leak */ + ber_memfree( ld->ld_sb );

LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );