In https://github.com/krb5/krb5/blob/master/src/kdc/do_as_req.c at line
848 there is:
e_data = calloc(count + 2, sizeof(*e_data));
and later starting at line 861:
if (retval)
return retval;
Looks like e_data can be leaked at that return.