At line 479 of ldapclient.c in client_build_req(), the error return leaks ldap_attrs (CID 1340544). It looks like this can happen if the first utoa() call in aldap_get_stringset() fails. It looks like other leaks can happen if other utoa() calls fail since scanning this array when it is freed stops when the first NULL is encountered. This diff fixes these problems by not storing NULL in the array when utoa() fails, and freeing ret and returning NULL if nothing is stored in the array. That way the caller will never see the ldap_attrs[0] == NULL case. Alternatively aldap_get_stringset() could clean up and return NULL if any utoa() calls fail.

ber_printf_element() calls ber_free_elements() on its ber argument and returns NULL on failure. When each of its callers detects failure, they do a goto fail, which then calls ber_free_elements() with the same pointer (CID 1340543). It looks like the cleanest fix is to delete the ber_free_elements() from ber_printf_element().
Details
Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Lint Passed
- Unit: No Test Coverage
- Build Status: Buildable 3938, Build 3981: arc lint + arc unit
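The leak pattern described in the summary, reduced to a self-contained C sketch (an added example, not code from ldapclient.c or from the diff). convert() is a hypothetical stand-in for utoa() with a constructed failure on inputs starting with '!'; build_leaky(), build_fixed(), free_set() and the live counter are illustrative names.

```c
#include <stdlib.h>
#include <string.h>

static int live;   /* strings allocated by convert() and not yet freed */

/* Stand-in for utoa(): constructed failure on inputs starting with '!'. */
static char *convert(const char *s)
{
    char *r = (s[0] == '!') ? NULL : malloc(strlen(s) + 1);
    if (r != NULL) {
        strcpy(r, s);
        live++;
    }
    return r;
}

/* Cleanup for a NULL-terminated set: the scan stops at the first NULL. */
static void free_set(char **set)
{
    for (size_t i = 0; set != NULL && set[i] != NULL; i++) {
        free(set[i]);
        live--;
    }
    free(set);
}

/* Before: a failed conversion is stored as NULL, which hides every
 * later entry from free_set(). */
static char **build_leaky(const char **in, size_t n)
{
    char **ret = calloc(n + 1, sizeof(*ret));
    for (size_t i = 0; ret != NULL && i < n; i++)
        ret[i] = convert(in[i]);
    return ret;
}

/* After: failed conversions are skipped so the array stays dense, and an
 * empty result is freed and returned as NULL, so set[0] is never NULL. */
static char **build_fixed(const char **in, size_t n)
{
    char **ret = calloc(n + 1, sizeof(*ret));
    size_t j = 0;
    for (size_t i = 0; ret != NULL && i < n; i++)
        if ((ret[j] = convert(in[i])) != NULL)
            j++;
    if (j == 0) {              /* nothing stored, or calloc() failed */
        free(ret);
        return NULL;
    }
    return ret;
}
```
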