2 files changed, 9 insertions, 4 deletions

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 50d2cbdd7c..ecd749b997 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,6 +1,8 @@
 Fri Jan 19 10:45:29 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
 	* krshd.c (recvauth): Verify checksum against command line and remote user.
+	(recvauth): Fix accidental memory leak with authenticator and fix
+	include correct username in checksum
 
 	* kcmd.c: Send authenticator with checksum of command line and remote user.
 
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 29fc757544..77d5fa4524 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1709,7 +1709,7 @@ krb5_authenticator *authenticator;
     goto error_cleanup;
 
       strcpy(chksumbuf,cmdbuf);
-      strcat(chksumbuf,remuser);
+      strcat(chksumbuf,locuser);
 
       if ( status = krb5_verify_checksum(bsd_context,
 					 authenticator->checksum->checksum_type,
@@ -1720,11 +1720,14 @@ krb5_authenticator *authenticator;
 	goto error_cleanup;
 
  error_cleanup:
-krb5_free_authenticator(bsd_context, authenticator);
 krb5_xfree(chksumbuf);
-if (status)
-  return status;
+      if (status) {
+	krb5_free_authenticator(bsd_context, authenticator);
+	return status;
+      }
 }
+    krb5_free_authenticator(bsd_context, authenticator);
+
     
     /* Setup eblock for encrypted sessions. */
     krb5_use_enctype(bsd_context, &eblock, ticket->enc_part2->session->enctype);