我正在编写一个示例程序,使用STARTTLS连接到LDAP服务器。我能够使用STARTTLS连接和验证用户,但它在程序中给出了内存泄漏。 示例程序:
#define LDAP_DEPRECATED 1
#include <stdio.h>
#include <ldap.h>
#define BIND_DN "cn=xxxx,dc=xxxx,dc=com"
#define BIND_PW "xxxxx"
main() {
LDAP *ld;
int rc;
int reqcert = LDAP_OPT_X_TLS_DEMAND;
int version = LDAP_VERSION3;
int ret(0);
if (ldap_initialize (&ld, "ldap://xxxxxxx.xxxxxxxx.com:389")) {
perror("ldap_init"); /* no error here */
return(1);
}
ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, "/vagrant/workspace/ca_certs.pem");
rc=ldap_start_tls_s(ld, NULL, NULL);
fprintf(stderr, "ldap_start_tls_s: %d\n", rc );
if(rc != LDAP_SUCCESS){
fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc) );
ldap_unbind_ext(ld, NULL, NULL);
return( 1 );
}
rc = ldap_bind_s(ld, BIND_DN, BIND_PW, LDAP_AUTH_SIMPLE);
fprintf(stderr, "ldap_simple_bind_s: %d\n", rc );
if( rc != LDAP_SUCCESS )
{
fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc) );
return( 1 );
}
printf("Initial Authentication successful\n");
ldap_unbind_ext(ld, NULL, NULL);
}
编译命令:
g ++ -o sample_tls sample_tls.cpp -I./include -L./lib -lldap
要运行的命令:
valgrind --leak-check = full --log-file =。/ leak_tls.log ./sample_tls
内存泄漏:
27 bytes in 1 blocks are definitely lost in loss record 30 of 72
==19231== at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
==19231== by 0x35E7E016EB: PL_strdup (in /lib64/libplc4.so)
==19231== by 0x35F0E38CAB: ??? (in /lib64/libldap-2.4.so.2.10.3)
==19231== by 0x35F0E35B37: ldap_int_tls_start (in /lib64/libldap-2.4.so.2.10.3)
==19231== by 0x35F0E35C4D: ldap_start_tls_s (in /lib64/libldap-2.4.so.2.10.3)
==19231== by 0x400ACE: main (in /vagrant/workspace/ldapsample/sample_tls)
看起来它在取消绑定后没有停止TLS连接。 任何帮助表示赞赏。