From 2c6505e0ef9c0368e9acbef5662eb15e43328b65 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Oct 2025 16:51:55 +0200
Subject: [PATCH] krb5_gssapi: fix memory leak on error path

If a non-compliant amount of bytes is received, the function would
return error without free.

Reported-by: Joshua Rogers
Closes #18976
---
 lib/vauth/krb5_gssapi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 70144e5514..a414d0a359 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -225,6 +225,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
   /* Not 4 octets long so fail as per RFC4752 Section 3.1 */
   if(output_token.length != 4) {
     infof(data, "GSSAPI handshake failure (invalid security data)");
+    gss_release_buffer(&unused_status, &output_token);
     return CURLE_BAD_CONTENT_ENCODING;
   }