--- a/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c	Wed Oct 13 13:28:06 2010 -0700
+++ b/usr/src/lib/gss_mechs/mech_spnego/mech/spnego_mech.c	Wed Oct 13 19:45:07 2010 -0700
@@ -1248,7 +1248,7 @@
 					&hintNameBuf,
 					&hintNameType);
 	if (major_status != GSS_S_COMPLETE) {
-		gss_release_name(&minor, &hintName);
+		gss_release_name(&minor, &hintKerberosName);
 		return (major_status);
 	}
 	gss_release_name(&minor, &hintKerberosName);

--- a/usr/src/lib/libbsm/common/adt.c	Wed Oct 13 13:28:06 2010 -0700
+++ b/usr/src/lib/libbsm/common/adt.c	Wed Oct 13 19:45:07 2010 -0700
@@ -204,11 +204,12 @@
 			free(pwd_buff);
 			return (-1);
 		}
-		free(pwd_buff);
 		if (au_user_mask(pwd.pw_name, mask)) {
+			free(pwd_buff);
 			errno = EFAULT; /* undetermined failure */
 			return (-1);
 		}
+		free(pwd_buff);
 	} else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
 			return (-1);
 	}

--- a/usr/src/lib/libgss/g_accept_sec_context.c	Wed Oct 13 13:28:06 2010 -0700
+++ b/usr/src/lib/libgss/g_accept_sec_context.c	Wed Oct 13 19:45:07 2010 -0700
@@ -223,6 +223,8 @@
 		 * First call the mechanism specific display_name()
 		 * then call gss_import_name() to create
 		 * the union name struct cast to src_name
+		 * NB: __gss_convert_name_to_union_name will
+		 * "consume" (free) the name.
 		 */
 		if (internal_name != NULL) {
 			temp_status = __gss_convert_name_to_union_name(
@@ -235,11 +237,6 @@
 					(void) gss_release_buffer(
 						&t_minstat,
 						output_token);
-				if (internal_name != GSS_C_NO_NAME)
-					mech->gss_release_name(
-						mech->context,
-						&t_minstat,
-						&internal_name);
 				return (temp_status);
 			}
 			if (src_name != NULL) {