Summary

When a mongo client is created with connection string having an invalid port, and with serverSelectionTryOnce=false. The string scram->auth_message is overwritten during the retry attempt and it leads to memory leak.

This was detected using Visual Leak Detector.

Environment

C driver version 1.23.2

Windows 10 64-bit x86

Compiled the C driver with VS2022 which is probably not a support VS version but the issue should be reproducible with lower versions of VS too.

#define MONGOC_ENABLE_CRYPTO 1

All settings are default settings while compiling the driver.

A MongoDB server is not required to see the memory leak.

How to Reproduce

An example code to reproduce this issue is given after the steps

1. Create a mongo client with connection string having login details of a user to be authenticated with SCRAM 256. The connection string should have serverSelectionTryOnce=false, and should have a port on which no server is running so that the mongoc would retry connection.
2. Run a simple ping command using mongoc_client_command_simple()
3. Observe that the string scram->auth_message is overwritten during the retry without being freed up first.

mongoc_client_t* test_client = mongoc_client_new("mongodb://userName:userPwd@validHostname:invalidPort/DbName?serverSelectionTryOnce=false");
bson_t reply, *command = BCON_NEW("ping", BCON_INT32(1));
bool retval = mongoc_client_command_simple(client, "admin", command, NULL, &reply, &error);

Additional Background

Please see Visual Leak Detector call stack in the attached text file.