--- http_negotiate.c.orig	2008-02-27 16:43:39.000000000 +0200
+++ http_negotiate.c	2008-02-27 16:43:45.000000000 +0200
@@ -309,7 +309,7 @@
     aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
             neg_ctx->protocol, encoded);
   free(encoded);
-  gss_release_buffer(&minor_status, &neg_ctx->output_token);
+  Curl_cleanup_negotiate (conn->data);
   return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }
 
--- http.c.orig	2008-02-27 16:44:59.000000000 +0200
+++ http.c	2008-02-27 16:44:50.000000000 +0200
@@ -2347,6 +2347,12 @@
                   te
                 );
 
+    /* free userpwd now --- cannot reuse this for Negotiate and possibly NTLM */
+    /* with basic and digest, it will be freed anyway by the next request */
+
+    Curl_safefree (conn->allocptr.userpwd);
+    conn->allocptr.userpwd = NULL;
+
     if(result)
       return result;