Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s of entries

The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure.  It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.

The problem with this approach is it skips non-entry messages such as the
result, and controls.  These messages are leaked.

The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.

This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(cherry picked from commit fe9f48bfe8d31812d9644682903c04f1e93c2987)

1 files changed, 2 insertions, 0 deletions

diff --git a/source/include/ads_protos.h b/source/include/ads_protos.h
index 738df3ed40c..a372010b796 100644
--- a/source/include/ads_protos.h
+++ b/source/include/ads_protos.h
@@ -89,6 +89,8 @@ ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
 
 LDAPMessage *ads_first_entry(ADS_STRUCT *ads, LDAPMessage *res);
 LDAPMessage *ads_next_entry(ADS_STRUCT *ads, LDAPMessage *res);
+LDAPMessage *ads_first_message(ADS_STRUCT *ads, LDAPMessage *res);
+LDAPMessage *ads_next_message(ADS_STRUCT *ads, LDAPMessage *res);
 void ads_process_results(ADS_STRUCT *ads, LDAPMessage *res,
 			 bool (*fn)(ADS_STRUCT *,char *, void **, void *),
 			 void *data_area);