Bug 1575549

Description of problem:
Simple program to connect openldap overssl when run under valgrind generates reports showing memory leaks.

#if defined(__linux)
#include <iostream>
#include <ldap.h>
#include <openssl/ssl.h>

int main()
{
    std::cout<<"Inside Main\n";
    try
    {
        const std::string bindDn("ldap"); // TODO set bind DN
        const std::string bindPw("passwd"); // TODO set bind password
        const std::string host("ldaps://ldap.company.com"); // TODO set host. E.g.: ldaps://ldap.company.com

        // check configuration
        if (bindDn.empty() || bindPw.empty() || host.empty())
            throw "The LDAP configuration parameters must not be empty!";

        // connect
        // causes memory leak
        LDAP* ldapConn;
        int ldaperr = ldap_initialize(&ldapConn, host.c_str());
        if (ldaperr != LDAP_SUCCESS)
            throw "Unable to initialize LDAP for '" + host + "'. Reason: " + ldap_err2string(ldaperr);
        // bind as a service user
        berval cred;
        cred.bv_val = const_cast<char*>(bindPw.c_str());
        cred.bv_len = static_cast<ber_len_t>(bindPw.length());
        ldaperr = ldap_sasl_bind_s(ldapConn, bindDn.c_str(), LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr);
        if (ldaperr != LDAP_SUCCESS)
            throw "Unable to bind as dn '" + bindDn + "' to LDAP service. Reason: " + ldap_err2string(ldaperr);

        // perform search
        // causes: Warning: invalid file descriptor -1 in syscall write()
        const std::string searchDn;
        LDAPMessage* ldapMessage;
        ldaperr = ldap_search_ext_s(ldapConn, searchDn.c_str(), LDAP_SCOPE_BASE, "(objectclass=*)", NULL, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &ldapMessage);
        if (ldaperr != LDAP_SUCCESS)
            throw "Unable to search in LDAP tree. Reason: " + std::string(ldap_err2string(ldaperr));

        ldap_msgfree(ldapMessage);
        ldap_unbind_ext_s(ldapConn, nullptr, nullptr);
        return EXIT_SUCCESS;
    }
    catch (const std::string& e) {
        std::cout << "Exception occurred: " << e << std::endl;
    }
    return EXIT_FAILURE;
}
#else
int main()
{
    return 0;
}
#endif

# cat compile.sh
g++ -Wall -Wextra -std=c++11 main.cpp -o OpenLDAPValgrindProblems -lm -ldl -lpthread -lrt -lldap_r -llber
valgrind --tool=memcheck --leak-check=full --error-limit=no ./OpenLDAPValgrindProblems

# ./compile.sh 
==30126== Memcheck, a memory error detector
==30126== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30126== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==30126== Command: ./OpenLDAPValgrindProblems
==30126==
==30126== Warning: invalid file descriptor -1 in syscall write()
==30126==
==30126== HEAP SUMMARY:
==30126==     in use at exit: 99,497 bytes in 3,092 blocks
==30126==   total heap usage: 139,747 allocs, 136,655 frees, 15,177,222 bytes allocated
==30126==
==30126== 96 bytes in 1 blocks are definitely lost in loss record 262 of 351
==30126==    at 0x4C29C80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30126==    by 0x7714F8F: PORT_Alloc_Util (in /usr/lib64/libnssutil3.so)
==30126==    by 0x73EE4ED: CERT_Hexify (in /usr/lib64/libnss3.so)
==30126==    by 0x549E306: tlsmc_hash (tls_mc.c:443)
==30126==    by 0x549E96E: tlsmc_compute_checksum (tls_mc.c:618)
==30126==    by 0x549FACE: tlsmc_convert (tls_mc.c:1160)
==30126==    by 0x54A0020: tlsmc_intercept_initialization (tls_mc.c:1303)
==30126==    by 0x5499FBE: ldap_int_tls_init_ctx (tls2.c:208)
==30126==    by 0x549A29C: ldap_pvt_tls_init_def_ctx (tls2.c:298)
==30126==    by 0x549A32A: alloc_handle (tls2.c:313)
==30126==    by 0x549A40B: ldap_int_tls_connect.isra.2 (tls2.c:362)
==30126==    by 0x549B2C5: ldap_int_tls_start (tls2.c:907)
==30126==
==30126== 123 bytes in 1 blocks are definitely lost in loss record 264 of 351
==30126==    at 0x4C2BFEE: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30126==    by 0x7D46EDF: GrowStuff (prprf.c:1131)
==30126==    by 0x7D471E3: dosprintf (prprf.c:722)
==30126==    by 0x7D480E9: PR_vsmprintf (prprf.c:1184)
==30126==    by 0x7D481C8: PR_smprintf (prprf.c:1162)
==30126==    by 0x549FB1E: tlsmc_convert (tls_mc.c:1178)
==30126==    by 0x54A0020: tlsmc_intercept_initialization (tls_mc.c:1303)
==30126==    by 0x5499FBE: ldap_int_tls_init_ctx (tls2.c:208)
==30126==    by 0x549A29C: ldap_pvt_tls_init_def_ctx (tls2.c:298)
==30126==    by 0x549A32A: alloc_handle (tls2.c:313)
==30126==    by 0x549A40B: ldap_int_tls_connect.isra.2 (tls2.c:362)
==30126==    by 0x549B2C5: ldap_int_tls_start (tls2.c:907)
==30126==
==30126== 123 bytes in 1 blocks are definitely lost in loss record 265 of 351
==30126==    at 0x4C2BFEE: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30126==    by 0x7D46EDF: GrowStuff (prprf.c:1131)
==30126==    by 0x7D471E3: dosprintf (prprf.c:722)
==30126==    by 0x7D480E9: PR_vsmprintf (prprf.c:1184)
==30126==    by 0x7D481C8: PR_smprintf (prprf.c:1162)
==30126==    by 0x549FDFF: tlsmc_convert (tls_mc.c:1245)
==30126==    by 0x54A0020: tlsmc_intercept_initialization (tls_mc.c:1303)
==30126==    by 0x5499FBE: ldap_int_tls_init_ctx (tls2.c:208)
==30126==    by 0x549A29C: ldap_pvt_tls_init_def_ctx (tls2.c:298)
==30126==    by 0x549A32A: alloc_handle (tls2.c:313)
==30126==    by 0x549A40B: ldap_int_tls_connect.isra.2 (tls2.c:362)
==30126==    by 0x549B2C5: ldap_int_tls_start (tls2.c:907)
==30126==
==30126== 123 bytes in 1 blocks are definitely lost in loss record 266 of 351
==30126==    at 0x4C2BFEE: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30126==    by 0x7D46EDF: GrowStuff (prprf.c:1131)
==30126==    by 0x7D471E3: dosprintf (prprf.c:722)
==30126==    by 0x7D480E9: PR_vsmprintf (prprf.c:1184)
==30126==    by 0x7D481C8: PR_smprintf (prprf.c:1162)
==30126==    by 0x549FE58: tlsmc_convert (tls_mc.c:1256)
==30126==    by 0x54A0020: tlsmc_intercept_initialization (tls_mc.c:1303)
==30126==    by 0x5499FBE: ldap_int_tls_init_ctx (tls2.c:208)
==30126==    by 0x549A29C: ldap_pvt_tls_init_def_ctx (tls2.c:298)
==30126==    by 0x549A32A: alloc_handle (tls2.c:313)
==30126==    by 0x549A40B: ldap_int_tls_connect.isra.2 (tls2.c:362)
==30126==    by 0x549B2C5: ldap_int_tls_start (tls2.c:907)
==30126==
==30126== LEAK SUMMARY:
==30126==    definitely lost: 465 bytes in 4 blocks
==30126==    indirectly lost: 0 bytes in 0 blocks
==30126==      possibly lost: 0 bytes in 0 blocks
==30126==    still reachable: 99,032 bytes in 3,088 blocks
==30126==         suppressed: 0 bytes in 0 blocks
==30126== Reachable blocks (those to which a pointer was found) are not shown.
==30126== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==30126==
==30126== For counts of detected and suppressed errors, rerun with: -v
==30126== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)


Version-Release number of selected component (if applicable):
# cat /etc/redhat-release 
Red Hat Enterprise Linux Workstation release 7.5 (Maipo)
# rpm -qa | grep openldap
openldap-devel-2.4.44-13.el7.x86_64
openldap-servers-2.4.44-13.el7.x86_64
openldap-clients-2.4.44-13.el7.x86_64
openldap-debuginfo-2.4.44-13.el7.x86_64
openldap-2.4.44-13.el7.x86_64
# 

How reproducible:
All times

Steps to Reproduce:
1. Mentioned in case description
2.
3.

Actual results:
Valgrind shows memory leaks

Expected results:
openldap library should not report leaks.

Additional info:
For case detials:
https://foobar.gsslab.pnq.redhat.com/02087187/