Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.12.9) with ESMTP id l77KF2HW012891; Tue, 7 Aug 2007 16:15:02 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id l77KEu1G027949 for ; Tue, 7 Aug 2007 16:14:56 -0400 (EDT) Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id l77KEtlh014115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 7 Aug 2007 16:14:56 -0400 (EDT) Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id l77KEtU8010934; Tue, 7 Aug 2007 16:14:55 -0400 (EDT) To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #5629] gss_init_sec_context does not release output token buffer when used with spnego mech References: From: Tom Yu Date: Tue, 07 Aug 2007 16:14:55 -0400 In-Reply-To: (The RT System itself via's message of "Mon, 6 Aug 2007 19:43:15 -0400 (EDT)") Message-ID: Lines: 16 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 507 Please try the following patch and let us know if it resolves the output token buffer leak. Index: src/lib/gssapi/spnego/spnego_mech.c =================================================================== --- src/lib/gssapi/spnego/spnego_mech.c (revision 19756) +++ src/lib/gssapi/spnego/spnego_mech.c (revision 19757) @@ -835,6 +835,7 @@ ret = GSS_S_FAILURE; } } + gss_release_buffer(tmpmin, &mechtok_out); if (ret == GSS_S_COMPLETE) { /* * Now, switch the output context to refer to the