gss_get_name_attribute() can return uninitialized pac_display_buffer and later gss_release_buffer() will crash on attempting to release it.

The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087

We need to initialize variables before using gss_get_name_attribute().

Patch for 3.6 is attached. The problem was introduced with commit 1bb6b841 and affects all 3.6 releases:

$ git tag --contains 1bb6b841
samba-3.6.0
samba-3.6.0rc1
samba-3.6.0rc2
samba-3.6.0rc3
samba-3.6.1
samba-3.6.2
samba-3.6.3
samba-3.6.4
samba-3.6.5
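
The initialization pattern the report calls for, as an added C example that is not part of the bug report, the attached patch, or Samba or MIT krb5 code. `buf_desc`, `EMPTY_BUFFER`, `mock_get_name_attribute`, `mock_release_buffer` and `fetch_pac` are hypothetical stand-ins for `gss_buffer_desc`, `GSS_C_EMPTY_BUFFER` and the GSS-API calls, so it builds without the krb5 headers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gss_buffer_desc: the same two fields as the GSS-API type. */
typedef struct { size_t length; void *value; } buf_desc;
#define EMPTY_BUFFER { 0, NULL }           /* mirrors GSS_C_EMPTY_BUFFER */

/* Hypothetical mock of the reported behaviour: fills `value` on success
 * but never writes to `display`. */
static int mock_get_name_attribute(buf_desc *value, buf_desc *display)
{
    (void)display;                         /* output left untouched */
    if ((value->value = malloc(4)) == NULL)
        return -1;
    memcpy(value->value, "PAC", 4);
    value->length = 3;
    return 0;
}

/* Mock release: 0 if the buffer is empty or holds `owned` (freed here), -1 if
 * it holds any other pointer, which a real release would hand to free(). */
static int mock_release_buffer(buf_desc *b, void *owned)
{
    if (b->value != NULL && b->value != owned)
        return -1;
    free(b->value);
    *b = (buf_desc)EMPTY_BUFFER;
    return 0;
}

/* init_first != 0 is the fixed caller; 0 simulates leftover stack contents
 * with a constructed stale pointer. Returns 0 if both releases were safe,
 * -1 if one was not, -2 on allocation failure. */
int fetch_pac(int init_first)
{
    buf_desc pac = EMPTY_BUFFER, pac_display = EMPTY_BUFFER;
    if (!init_first)
        pac_display.value = &pac;          /* constructed garbage */
    if (mock_get_name_attribute(&pac, &pac_display) != 0)
        return -2;
    int rc = mock_release_buffer(&pac, pac.value);
    return rc | mock_release_buffer(&pac_display, NULL);
}

int main(void)
{
    printf("initialized: %d, uninitialized: %d\n", fetch_pac(1), fetch_pac(0));
}
```

The mock reports the stale pointer instead of freeing it, so the unsafe path can be observed without undefined behaviour.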
Created attachment 7633: proposed fix based on the fix in master
Comment on attachment 7633: proposed fix based on the fix in master

looks good
Karolin, please add to 3.6.x. Thanks
Pushed to v3-6-test. Closing out bug report. Thanks!