From 65caff79a391b024e50a4ed313b06a3794c1031b Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Tue, 11 Jan 2022 11:36:13 -0600
Subject: [PATCH] gss-token: Fix leak

---
 lib/gssapi/gss-token.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/gssapi/gss-token.c b/lib/gssapi/gss-token.c
index 1ead3e15b..65d0e3fda 100644
--- a/lib/gssapi/gss-token.c
+++ b/lib/gssapi/gss-token.c
@@ -443,7 +443,8 @@ accept_one(gss_name_t service, const char *ccname, int negotiate)
         gss_OID          mech_oid;
         gss_ctx_id_t     ctx = GSS_C_NO_CONTEXT;
         gss_buffer_desc  in = GSS_C_EMPTY_BUFFER;
-        gss_buffer_desc  out, dname;
+        gss_buffer_desc  out;
+        gss_buffer_desc  dname = GSS_C_EMPTY_BUFFER;
 	krb5_context	 kctx = NULL;
 	krb5_ccache	 ccache = NULL;
 	krb5_error_code	 kret;
@@ -488,6 +489,7 @@ accept_one(gss_name_t service, const char *ccname, int negotiate)
 	if (!nflag)
 		printf("Authenticated: %.*s\n", (int)dname.length,
 		    (char *)dname.value);
+	(void) gss_release_buffer(&min, &dname);
 
 	if (ccname) {
 #ifdef HAVE_GSS_STORE_CRED_INTO