I've been delving all over the Heimdal source, I and think this function can perform an invalid free() if the calling application has not cleared out the error buffer (by calling gss_display_status() and therefore gssapi_krb5_get_error_string()) before the next error is recorded. There seems to be some general confusion in the libs as to if this string should be allocated, or if it is static storage on a context somewhere. Note that gssapi_krb5_get_error_string() does not free() the string before assigning the pointer to NULL, and neither does krb5_get_error_string(). Is there a document in which the correct semantics for the error string handling is recorded, at least so I can figure out what the correct fix should be? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part