diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c
index c25cfda0db1..64427f185bb 100644
--- a/src/backend/libpq/be-secure-gssapi.c
+++ b/src/backend/libpq/be-secure-gssapi.c
@@ -215,6 +215,9 @@ be_gssapi_write(Port *port, void *ptr, size_t len)
 
 		memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
 		PqGSSSendLength += output.length;
+
+		/* Release buffer storage allocated by GSSAPI */
+		gss_release_buffer(&minor, &output);
 	}
 
 	/* If we get here, our counters should all match up. */
@@ -371,6 +374,7 @@ be_gssapi_read(Port *port, void *ptr, size_t len)
 		/* Our receive buffer is now empty, reset it */
 		PqGSSRecvLength = 0;
 
+		/* Release buffer storage allocated by GSSAPI */
 		gss_release_buffer(&minor, &output);
 	}
 
@@ -590,7 +594,10 @@ secure_open_gssapi(Port *port)
 				 */
 				if (ret < 0 &&
 					!(errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
+				{
+					gss_release_buffer(&minor, &output);
 					return -1;
+				}
 
 				/* Wait and retry if we couldn't write yet */
 				if (ret <= 0)
diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c
index 9fd06eabd2f..1994e9f6150 100644
--- a/src/interfaces/libpq/fe-secure-gssapi.c
+++ b/src/interfaces/libpq/fe-secure-gssapi.c
@@ -232,6 +232,9 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
 
 		memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length);
 		PqGSSSendLength += output.length;
+
+		/* Release buffer storage allocated by GSSAPI */
+		gss_release_buffer(&minor, &output);
 	}
 
 	/* If we get here, our counters should all match up. */
@@ -241,6 +244,7 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len)
 	ret = bytes_sent;
 
 cleanup:
+	/* Release GSSAPI buffer storage, if we didn't already */
 	if (output.value != NULL)
 		gss_release_buffer(&minor, &output);
 	return ret;
@@ -408,12 +412,14 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len)
 		/* Our receive buffer is now empty, reset it */
 		PqGSSRecvLength = 0;
 
+		/* Release buffer storage allocated by GSSAPI */
 		gss_release_buffer(&minor, &output);
 	}
 
 	ret = bytes_returned;
 
 cleanup:
+	/* Release GSSAPI buffer storage, if we didn't already */
 	if (output.value != NULL)
 		gss_release_buffer(&minor, &output);
 	return ret;
@@ -652,6 +658,7 @@ pqsecure_open_gss(PGconn *conn)
 		gss_release_cred(&minor, &conn->gcred);
 		conn->gcred = GSS_C_NO_CREDENTIAL;
 		conn->gssenc = true;
+		gss_release_buffer(&minor, &output);
 
 		/*
 		 * Determine the max packet size which will fit in our buffer, after
@@ -676,6 +683,7 @@ pqsecure_open_gss(PGconn *conn)
 	{
 		pg_GSS_error(libpq_gettext("GSSAPI context establishment error"),
 					 conn, major, minor);
+		gss_release_buffer(&minor, &output);
 		return PGRES_POLLING_FAILED;
 	}
 
@@ -690,6 +698,7 @@ pqsecure_open_gss(PGconn *conn)
 
 	/* We don't bother with PqGSSSendConsumed here */
 
+	/* Release buffer storage allocated by GSSAPI */
 	gss_release_buffer(&minor, &output);
 
 	/* Ask to be called again to write data */