--- http_negotiate.c	2013-09-15 17:45:33.715579500 +0530
+++ http_negotiatenew.c	2013-09-15 17:40:22.989510000 +0530
@@ -314,7 +314,7 @@
       Curl_safefree(responseToken);
       ASN1_OBJECT_free(object);
       if(spnegoToken.value)
-        gss_release_buffer(&discard_st, &spnegoToken);
+        Curl_safefree(spnegoToken.value);
       infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)\n");
     }
     else {
@@ -332,14 +332,22 @@
                              neg_ctx->output_token.length,
                              &encoded, &len);
   if(error) {
-    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    #ifdef HAVE_SPNEGO
+	  Curl_safefree(neg_ctx->output_token.value);	
+	#else 
+	  gss_release_buffer(&discard_st, &neg_ctx->output_token);
+	#endif
     neg_ctx->output_token.value = NULL;
     neg_ctx->output_token.length = 0;
     return error;
   }
 
   if(!encoded || !len) {
-    gss_release_buffer(&discard_st, &neg_ctx->output_token);
+    #ifdef HAVE_SPNEGO
+	  Curl_safefree(neg_ctx->output_token.value);	
+	#else 
+	  gss_release_buffer(&discard_st, &neg_ctx->output_token);
+	#endif
     neg_ctx->output_token.value = NULL;
     neg_ctx->output_token.length = 0;
     return CURLE_REMOTE_ACCESS_DENIED;
@@ -368,8 +376,14 @@
   if(neg_ctx->context != GSS_C_NO_CONTEXT)
     gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
 
-  if(neg_ctx->output_token.value)
-    gss_release_buffer(&minor_status, &neg_ctx->output_token);
+  if(neg_ctx->output_token.value) {
+    #ifdef HAVE_SPNEGO
+		Curl_safefree(neg_ctx->output_token.value);
+	#else
+		if(neg_ctx->output_token.value)
+			gss_release_buffer(&minor_status, &neg_ctx->output_token);
+	#endif
+  }
 
   if(neg_ctx->server_name != GSS_C_NO_NAME)
     gss_release_name(&minor_status, &neg_ctx->server_name);