Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-RT-Original-Encoding: us-ascii Content-Length: 1928 Memory leak in version 1.9.1. See comments prefixed with "GJM:" krb5-1.9.1/src/lib/gssapi/krb5/init_sec_context.c#2 #ifdef CFX_EXERCISE #include "../../krb5/krb/auth_con.h" #endif static krb5_error_code KRB5_CALLCONV make_gss_checksum (krb5_context context, krb5_auth_context auth_context, void *cksum_data, krb5_data **out) { krb5_error_code code; krb5_int32 con_flags; unsigned char *ptr; struct gss_checksum_data *data = cksum_data; ... /* * RFC 4121 4.1.1 specifies forwarded credentials must be encrypted in * the session key, but krb5_fwd_tgt_creds will use the send subkey if * it's set in the auth context. Suppress the send subkey * temporarily. */ GJM: This refcount on the key is one. This line increases it to two . krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey); GJM: This decrements the refcount back to one. krb5_auth_con_setsendsubkey_k(context, auth_context, NULL); code = krb5_fwd_tgt_creds(context, auth_context, 0, data->cred->name->princ, data->ctx->there->princ, data->cred->ccache, 1, &credmsg); /* Turn KRB5_AUTH_CONTEXT_DO_TIME back on and reset the send subkey. */ krb5_auth_con_setflags(context, auth_context, con_flags); GJM: This increases the ref count back to two. krb5_auth_con_setsendsubkey_k(context, auth_context, send_subkey); GJM: This is the line that need to be added to fix the leak. This line to puts the refcount back to one since send_subkey is on the stack and goes out of scope the only reference left is in the context so the refcount should be one not two krb5_k_free_key(context, send_subkey); <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ADD THIS LINE TO FIX THE LEAK Thanks Greg