When using gss_export_sec_context on a security context that was created
using impersonated credentials, gss_export_sec_context segfaults.  The
problem is that it assumes that if ctx->initiator exists then
ctx->initiator->ad_context exists which doesn't appear to be the case
when impersonated credentials were used. The following changes fixed it
for us. 

--- krb5/src/lib/gssapi/krb5/ser_sctx.c	(revision 41102)
+++ krb5/src/lib/gssapi/krb5/ser_sctx.c	(working copy)
@@ -357,7 +357,7 @@
 
             initiator_name = ctx->initiate ? ctx->here : ctx->there;
 
-            if (initiator_name) {
+            if (initiator_name && initiator_name->ad_context) {
                 kret = krb5_size_opaque(kcontext,
                                         KV5M_AUTHDATA_CONTEXT,
                                         initiator_name->ad_context,
@@ -534,7 +534,7 @@
 
                 initiator_name = ctx->initiate ? ctx->here :
ctx->there;
 
-                if (initiator_name) {
+                if (initiator_name && initiator_name->ad_context) {
                     kret = krb5_externalize_opaque(kcontext,
 
KV5M_AUTHDATA_CONTEXT,
 
initiator_name->ad_context,
@@ -767,6 +767,8 @@
                                                    (krb5_pointer
*)&initiator_name->ad_context,
                                                    &bp,
                                                    &remain);
+                    if (kret == EINVAL)
+                        kret = 0;
                 }
             }
             /* Get trailer */