From 674696151af020f0241c74073b2be5a50237a9b3 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 5 Dec 2022 23:01:32 -0600
Subject: [PATCH] gss-token: Fix acceptor context leak

---
 lib/gssapi/gss-token.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/gssapi/gss-token.c b/lib/gssapi/gss-token.c
index f3f90521c..a4c02967c 100644
--- a/lib/gssapi/gss-token.c
+++ b/lib/gssapi/gss-token.c
@@ -472,8 +472,13 @@ accept_one(gss_name_t service, const char *ccname, int negotiate)
 		    NULL, NULL, &deleg_creds);
 
 		ret = write_and_free_token(&out, negotiate);
-		if (ret)
+		if (ret) {
+			OM_uint32 junk;
+
+			(void) gss_delete_sec_context(&junk, &ctx,
+						      GSS_C_NO_BUFFER);
 			return ret;
+		}
 		GBAIL("gss_accept_sec_context", maj, min);
 	} while (maj & GSS_S_CONTINUE_NEEDED);
 
@@ -491,6 +496,7 @@ accept_one(gss_name_t service, const char *ccname, int negotiate)
 		    (char *)dname.value);
 	(void) gss_release_buffer(&min, &dname);
 	(void) gss_release_name(&min, &client);
+	(void) gss_delete_sec_context(&min, &ctx, GSS_C_NO_BUFFER);
 
 	if (ccname) {
 #ifdef HAVE_GSS_STORE_CRED_INTO