I was running valgrind on my program, which among other things, calls
cli_full_connection(). Valgrind reported that I was leaking memory as
a result of a malloc done by the call to data_blob() on line 668 of
cliconnect.c (in the function cli_session_setup_ntlmssp()).

It looks like cli_session_setup_ntlmssp() creates
"DATA_BLOB key" which then only gets used when it is
copied by cli_simple_set_signing(cli, key, null_blob).

Since cli_simple_set_signing doesn't keep a reference to key's
malloced data, and key falls off the stack at the end of
cli_session_setup_ntlmssp(), there no pointer to the data that got
malloced survives the function.

Am I reading this right? Shouldn't cli_session_setup_ntlmssp() free
the key.data buffer before it returns?