OS: All Kerberos 5 Version: 1.3.3 The function krb5_get_init_creds_password() leaks memory if wrong password is used. The memory leak happens in krb5_get_init_creds_password() function in src/lib/krb5/krb/gic_pwd.c. Below is the fix: $diff -u src/lib/krb5/krb/gic_pwd.c /tmp/gic_pwd.c.fixed --- src/lib/krb5/krb/gic_pwd.c 2003-08-08 13:46:26.000000000 -0700 +++ /tmp/gic_pwd.c.fixed 2004-04-12 18:07:05.000000000 -0700 @@ -146,6 +146,9 @@ if (!use_master) { use_master = 1; + if (as_reply) + krb5_free_kdc_rep(context, as_reply); + ret2 = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options, krb5_get_as_key_password, (void *) &pw0, Lijian Liu Sendmail, Inc. (510)-594-5527
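Review bot: After the added `krb5_free_kdc_rep(context, as_reply);` the pointer `as_reply` still holds the freed address when the retry against the master KDC begins. The rest of the `krb5_get_init_creds()` argument list and the function's exit path are outside the hunk, so the following is inferred: if the retry is handed `&as_reply` and fails before storing a new reply, a later `if (as_reply) krb5_free_kdc_rep(...)` during cleanup would free the same block a second time. Clearing the pointer removes that window: `if (as_reply) { krb5_free_kdc_rep(context, as_reply); as_reply = NULL; }`. A short comment such as `/* release the reply from the first (non-master) attempt before retrying */` would also record why the free sits at this point.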