From 7c519d9c34ce771d89042f30c3d73937b57d4161 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 2 Jan 2023 20:38:24 -0600
Subject: [PATCH] negoex: Fix use-after-free

---
 lib/gssapi/spnego/negoex_util.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/gssapi/spnego/negoex_util.c b/lib/gssapi/spnego/negoex_util.c
index aac09d448..dffbfceab 100644
--- a/lib/gssapi/spnego/negoex_util.c
+++ b/lib/gssapi/spnego/negoex_util.c
@@ -87,10 +87,15 @@ static void
 release_all_mechs(gssspnego_ctx ctx, krb5_context context)
 {
     struct negoex_auth_mech *mech, *next;
+    struct negoex_auth_mech *prev = NULL;
 
     HEIM_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next) {
-	_gss_negoex_release_auth_mech(context, mech);
+	if (prev)
+	    _gss_negoex_release_auth_mech(context, prev);
+	prev = mech;
     }
+    if (prev)
+	_gss_negoex_release_auth_mech(context, mech);
 
     HEIM_TAILQ_INIT(&ctx->negoex_mechs);
 }