Greetings, SASL developers. I recognize the version of SASL2 I'm using is long in tooth, but looking at the code, I believe a memory leak I've encountered is still present in 2.1.26 (latest source I've seen).

The problem from an OpenLDAP client viewpoint is described in detail at:

http://www.OpenLDAP.org/its/index.cgi?findid=8566

digestmd5.c sasl_client_start()/sasl_client_step(), when called for a new SASL DIGEST-MD5 authentication each time after the first such case, appear to abandon and re-allocate from scratch (without freeing) a [con]text->out_buf allocated and expanded during the previous authentication cycle by _plug_buf_alloc() on behalf of add_to_challenge().

In my case, each DIGEST-MD5 authentication after the first leaks 500-600 bytes, regardless of whether sasl_dispose() is called between successive authentications.

I suspect, but have not proven, that this is because "text->out_buf=NULL" appears twice in digestmd5.c, in both make_client_response() and digestmd5_server_mech_step1(). If both instances were executed for one authentication cycle, it could produce the memory leak in question.

The latter instance (in digestmd5_server_mech_step1()) might need to free any block addressed by the pointer before nullifying it. Sorry I can't provide a patch or stronger evidence, but the logic here is a bit complex for a casual onlooker to tackle.

Thanks for your efforts, Bill Clay