krb5-gssapi: Delete the GSS-API context.

This fixes a memory leak related to the GSS-API code.

Added a krb5_init and krb5_end functions. Also removed a work-around
the lack of proper initialization of the GSS-API context.

lib/ftp.c

@@ -3860,6 +3860,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn)
 
   Curl_pp_disconnect(pp);
 
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  Curl_sec_end(conn);
+#endif
+
   return CURLE_OK;
 }
 

lib/krb5.c

@@ -75,10 +75,19 @@
 #define LOCAL_ADDR (&conn->local_addr)
 #define REMOTE_ADDR conn->ip_addr->ai_addr
 
+static int
+krb5_init(void *app_data)
+{
+  gss_ctx_id_t *context = app_data;
+  /* Make sure our context is initialized for krb5_end. */
+  *context = GSS_C_NO_CONTEXT;
+  return 0;
+}
+
 static int
 krb5_check_prot(void *app_data, int level)
 {
-  app_data = NULL; /* prevent compiler warning */
+  (void)app_data; /* unused */
   if(level == prot_confidential)
     return -1;
   return 0;
@@ -309,12 +318,22 @@ krb5_auth(void *app_data, struct connectdata *conn)
   }
 }
 
+static void krb5_end(void *app_data)
+{
+    OM_uint32 maj, min;
+    gss_ctx_id_t *context = app_data;
+    if (*context != GSS_C_NO_CONTEXT) {
+      maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+      DEBUGASSERT(maj == GSS_S_COMPLETE);
+    }
+}
+
 struct Curl_sec_client_mech Curl_krb5_client_mech = {
     "GSSAPI",
     sizeof(gss_ctx_id_t),
-    NULL, /* init */
+    krb5_init,
     krb5_auth,
-    NULL, /* end */
+    krb5_end,
     krb5_check_prot,
     krb5_overhead,
     krb5_encode,