The enc_padata field that was added to the krb5_enc_kdc_rep_part
structure for 1.7 is being leaked.  Our fix is below.  It looks like the
second change was done in trunk when the S4U changes were merged.

Modified: src/lib/krb5/asn.1/asn1_k_decode.c
===================================================================
--- src/lib/krb5/asn.1/asn1_k_decode.c	2009-10-07 22:25:00 UTC (rev
37774)
+++ src/lib/krb5/asn.1/asn1_k_decode.c	2009-10-07 22:27:28 UTC (rev
37775)
@@ -668,6 +668,7 @@
     krb5_free_last_req(NULL, val->last_req);
     krb5_free_principal(NULL, val->server);
     krb5_free_addresses(NULL, val->caddrs);
+    krb5_free_pa_data(NULL, val->enc_padata);
     val->session = NULL;
     val->last_req = NULL;
     val->server = NULL;

Modified: src/lib/krb5/krb/kfree.c
===================================================================
--- src/lib/krb5/krb/kfree.c	2009-10-07 22:25:00 UTC (rev 37774)
+++ src/lib/krb5/krb/kfree.c	2009-10-07 22:27:28 UTC (rev 37775)
@@ -297,6 +297,7 @@
     krb5_free_last_req(context, val->last_req);
     krb5_free_principal(context, val->server);
     krb5_free_addresses(context, val->caddrs);
+    krb5_free_pa_data(context, val->enc_padata);
     free(val);
 }