This version allows the caller to supply their own string buffer where the RPC string will be copied. However, this version is somewhat awkward when the actual size of the string is not known to the caller; causing them to forever guess that the buffer they supply is long enough. The return 'int' value of this function might return a numeric error code to the caller, to indicate that the buffer is too small, etc.
int function(char ** string);
This version allows the function to allocate memory of suitable size for the string, and then return the address of that memory to the caller. Of course, this will require the caller to 'free()' the memory when it is no longer needed. The return 'int' value of this function might return a numeric error code to the caller, to indicate that it could not successfully allocate memory, etc. caller
char * function();
This version allows the function to allocate memory, just as in [2.] above. The difference being that it doesn't return the address of the allocated memory through a parameter. Rather, it returns the address as the value of the function. Error reporting is limited with this version in that it would probably return 'NULL' to indicate an error; which is awkward if there a number of error conditions that might occur, and need to be reported to the caller.