Patch from Riverbed (Derrick Pallas) under the license of the files they are in:

Fix resource leak in heimdal/krb5/fcache/fcc_remove_cred
	In fcache, fcc_remove_cred generates a ccache called
	"newfile," which is not cleaned up if the final call
	(krb5_cc_move) fails.

Free of uninitialized value in fcache/fcc_move(...)
	If init_fcc fails to acquire a file handle, sp will be
	uninitialized. If this is the case, the call to
	krb5_storage_free will dereference this uninitialized value,
	which causes undefined behaviour.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24944 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/fcache.c

@@ -770,7 +770,13 @@ fcc_remove_cred(krb5_context context,
 	return ret;
     }
 
-    return krb5_cc_move(context, newfile, id);
+    ret = krb5_cc_move(context, newfile, id);
+    if (ret) {
+	krb5_cc_destroy(context, newfile);
+	return ret;
+    }
+    
+    return ret;
 }
 
 static krb5_error_code
@@ -914,7 +920,8 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
 	krb5_storage *sp;
 	int fd;
 	ret = init_fcc (context, to, &sp, &fd);
-	krb5_storage_free(sp);
+	if (sp)
+	    krb5_storage_free(sp);
 	fcc_unlock(context, fd);
 	close(fd);
     }