Memory leak in gss_init_sec_context when using spnego mechanism

Markus Moeller huaraz at
Mon Aug 6 19:41:36 EDT 2007

Thank you for confirming. I send two bug reports.


"Tom Yu" <tlyu at> wrote in message 
news:ldv7io89vzp.fsf at
>>>>>> "Markus" == Markus Moeller <huaraz at> writes:
> Markus> Did anybody have a chance to confirm my finding ?
> Sorry, I've been rather busy recently.  I did look and discover there
> are possibly multiple issues involved.  Your test program calls
> gss_delete_sec_context() on a context that is probably partially
> established.  This is probably a code path that is not well-exercised.
> Thank you for bringing it to our attention.
> 1. It does appear that when the SPNEGO mechanism calls
>   gss_init_sec_context(), it does not release the output token
>   buffer.
> 2. It also appears that in spnego_gss_delete_sec_context(), if a
>   partially established context is deleted, the inner mechanism's
>   context (actually a mechglue-wrapped context) does not get deleted.
> I'm not sure if there are other bugs revealed by your test case.  For
> now, would you please open bugs for the above two issues?  Or if you
> prefer, I can open the bugs.  Thanks.
> ---Tom
> _______________________________________________
> krbdev mailing list             krbdev at

More information about the krbdev mailing list