Content-Type: text/plain Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: iso-8859-1 Content-Length: 756 Hello, The attached unified diff against the krb5-1.2.6 source tree fixes a bug in gss_krb5_ccache_name returns a string that has been freed. The gss_krb5_ccache_name function has an "out_name" parameter that is supposed to give the old value of the default ccache name. Unfortunately, before control returns to the caller, gss_krb5_ccache_name calls krb5_cc_set_default_name, which frees the buffer that has just been pointed to by *out_name. The attached patch fixes gss_krb5_ccache_name to strdup the string before returning (and return GSS_S_FAILURE if the strdup fails). It also fixes the only caller of gss_krb5_ccache_name (that I could find in the source tree), which was strdup'ing the result, not to strdup it anymore. Thanks, -- Ben Cox