An attempt to free v5tkt further down will corrupt the heap if we don't reset the enc_part2 pointer when we free it ourselves. Apparently introduced as part of the fix for MITKRB5-SA-2003-004. --- krb5-1.2.7/src/krb524/krb524d.c 2003-03-31 21:35:03.000000000 -0500 +++ krb5-1.2.7/src/krb524/krb524d.c 2003-03-31 21:35:46.000000000 -0500 @@ -535,8 +535,10 @@ printf("v4 credentials encoded\n"); error: - if (v5tkt->enc_part2) + if (v5tkt->enc_part2) { krb5_free_enc_tkt_part(context, v5tkt->enc_part2); + v5tkt->enc_part2 = NULL; + } if(v5_service_key.contents) krb5_free_keyblock_contents(context, &v5_service_key);
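Review bot: the new `v5tkt->enc_part2 = NULL;` in the `error:` cleanup path has no comment saying why the reset matters, so a later tidy-up could remove it as redundant and bring the double free back. Add a one-line comment above it noting that v5tkt is freed further down and would otherwise release enc_part2 a second time. The next context line, `if(v5_service_key.contents)`, follows the same free-if-set pattern. The hunk does not show whether `v5_service_key.contents` is cleared after `krb5_free_keyblock_contents` or touched again later, so confirm that it is not released twice on this path as well.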