illumos gate

# LD_PRELOAD_32=/usr/lib/fs/nfs/libshare_nfs.so.1 UMEM_DEBUG=default dtrace -32 -w -n 'pid$target::main:return {raise(6)} pid$target::nfs_get_root_principal:entry{}' -c "share -o sec=dh,root=@10.0.0.1 /tmp" 
dtrace: description 'pid$target::main:return ' matched 3 probes
dtrace: allowing destructive actions
AUTOFS plugin not installed properly
dtrace: pid 5036 terminated by SIGABRT
CPU     ID                    FUNCTION:NAME
  0  64841     nfs_get_root_principal:entry 

# echo "::findleaks -d" | mdb core
CACHE     LEAKED   BUFCTL CALLER
08075c10       1 080edb08 libc.so.1`strdup+0x2e
------------------------------------------------------------------------
   Total       1 buffer, 24 bytes

umem_alloc_24 leak: 1 buffer, 24 bytes
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
         80edb08          80eaad0    12cece9bb7800                1
                          8075c10                0                0
                 libumem.so.1`umem_cache_alloc_debug+0x1fe
                 libumem.so.1`umem_cache_alloc+0x18f
                 libumem.so.1`umem_alloc+0x50
                 libumem.so.1`umem_malloc+0x36
                 libc.so.1`strdup+0x2e
                 libshare_nfs.so.1`nfs_get_root_principal+0x80
                 libshare_nfs.so.1`get_rootnames+0xc3
                 libshare_nfs.so.1`fill_security_from_secopts+0x19a
                 libshare_nfs.so.1`nfs_enable_share+0x323
                 libshare.so.1`sa_proto_share+0x24
                 libshare.so.1`sa_enable_share+0xa3
                 sa_legacy_share+0x5f3
                 run_command+0x4c
                 main+0x104
                 _start+0x83

#

The s_rootnames in struct secinfo is an allocated array of pointers to allocated strings. All of that is allocated in get_rootnames() and nfs_get_root_principal() respectively.

During the s_rootnames deallocation we free only the array, but not the particular strings.