Hi, while doing some work with Address Sanitizer, I noticed what appears to be a memory leak in the DIGEST-MD5 client mechanism.
In digestmd5_client_mech_step1, on line 4257, is seems that the mechanism may allocate a new string on text->realm. Then, in digestmd5_client_mech_step2 on line 4333, it seems that text->realm can be replaced by a realm obtained from the server. But, if this memory was allocated on line 4257, then it seems that it is never freed. Line numbers taken from current master at commit 76dd88987eb7a916cc56585ccf38232c646483d8. Adding the line if (text->realm) params->utils->free(text->realm); to digestmd5_client_mech_step2 before setting the realm seems to have addressed the issues raised by Address Sanitizer for me. Does this look legitimate? Spencer
