Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Length: 1686
     >Submitter-Id:	?
     >Originator:	Chris Long
     >Organization:     Next Century
     >Confidential:	no
     >Synopsis:	gss_add_cred_from does not free credential if passed GSS_C_NO_CREDENTIAL and is successful
     >Severity:	non-critical
     >Priority:	low
     >Category:	krb5-lib
     >Class:	sw-bug
     >Release:	1.16.1
     >System: Linux pc-5000-cl 4.13.0-43-generic #48~16.04.1-Ubuntu SMP Thu May 17 12:56:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
     >Machine: x86_64
     >Description:
              The function gss_add_cred_from, in g_acquire_cred.c, allocates
              union_cred if passed GSS_C_NO_CREDENTIAL for the
              input_cred_handle (line 399). However, it only frees this in the
              error condition (line 560). On success, this space is never
              freed.

     >How-To-Repeat:
              Call gss_ad_cred_from with GSS_C_NO_CREDENTIAL. Valgrind will
              report a memory leak.

     >Fix:
              Copy the free-ing code (lines 559-560) to the success
              condition (e.g., line 529).