userauth_gssapi allocates a bit of memory for the authctxt->methoddata pointer but doesn't clean up. Side issue: userauth_gssapi is also using two function-static variables. One of these leaks. The other one makes prevents reusability (e.g. porting to OO languages) because there is no way to reset it. They should be moved to authctxt.
Another side issue: some gssapi-userauth related functions could be made static and there is a function prototype (input_gssapi_hash) that is no longer used.
Created attachment 3221 [details] patch to fix memory leak and side issues.
The initial patch now breaks after other patches (old packet api) were applied to v7.9. I'm attaching a new patch. It also slightly changes the pubkey_cleanup, adding it to the method table as a cleanup handler, rather than calling it explicitely.
Created attachment 3234 [details] Fixed patch for v7.9 after opacket removal applies again to current v7.9 (portable)
Put on list for 8.0
This has been committed and will be in the 8.0 release - thanks.
Move resolved bugs -> CLOSED after 8.0 release