diff --git a/lib/gssapi/mech/gss_cred.c b/lib/gssapi/mech/gss_cred.c
index 99de68776..f2cfb79b9 100644
--- a/lib/gssapi/mech/gss_cred.c
+++ b/lib/gssapi/mech/gss_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * Copyright (c) 2017 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -51,6 +51,7 @@ gss_export_cred(OM_uint32 * minor_status,
     struct _gss_mechanism_cred *mc;
     gss_buffer_desc buffer;
     krb5_error_code ret;
+    krb5_ssize_t bytes;
     krb5_storage *sp;
     OM_uint32 major;
     krb5_data data;
@@ -84,8 +85,8 @@ gss_export_cred(OM_uint32 * minor_status,
 	    return major;
 	}
 
-	ret = krb5_storage_write(sp, buffer.value, buffer.length);
-	if (ret < 0 || (size_t)ret != buffer.length) {
+	bytes = krb5_storage_write(sp, buffer.value, buffer.length);
+	if (bytes < 0 || (size_t)bytes != buffer.length) {
 	    gss_release_buffer(minor_status, &buffer);
 	    krb5_storage_free(sp);
 	    *minor_status = EINVAL;
diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c
index 4e4fcdc58..188f62268 100644
--- a/lib/hdb/hdb-mitdb.c
+++ b/lib/hdb/hdb-mitdb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -951,7 +951,7 @@ mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
     krb5_data kdb_ent = { 0, 0 };
     krb5_data key = { 0, 0 };
     krb5_data value = { 0, 0 };
-    ssize_t sz;
+    krb5_ssize_t sz;
 
     if ((flags & HDB_F_PRECHECK) && (flags & HDB_F_REPLACE))
         return 0;
@@ -977,7 +977,7 @@ mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
     if (ret) goto out;
     sz = krb5_storage_write(sp, "\n", 2); /* NUL-terminate */
     ret = ENOMEM;
-    if (sz == -1) goto out;
+    if (sz != 2) goto out;
     ret = krb5_storage_to_data(sp, &line);
     if (ret) goto out;
 
@@ -1278,7 +1278,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
     krb5_error_code ret = EINVAL;
     char *p = line, *q;
     char *princ;
-    ssize_t sz;
+    krb5_ssize_t sz;
     size_t i;
     size_t princ_len;
     unsigned int num_tl_data;
@@ -1374,7 +1374,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
     ret = krb5_store_uint16(sp, princ_len);
     if (ret) return ret;
     sz = krb5_storage_write(sp, princ, princ_len);
-    if (sz == -1) return ENOMEM;
+    if (sz != princ_len) return ENOMEM;
 
     /* scan and write TL data */
     for (i = 0; i < num_tl_data; i++) {
@@ -1407,7 +1407,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
                 return EINVAL;
             sz = krb5_storage_write(sp, buf, tl_length);
             free(buf);
-            if (sz == -1) return ENOMEM;
+            if (sz != tl_length) return ENOMEM;
         } else {
             if (strcmp(nexttoken(&p, 0, "'-1' field"), "-1") != 0) return EINVAL;
         }
@@ -1450,7 +1450,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
                     return EINVAL;
                 sz = krb5_storage_write(sp, buf, keylen);
                 free(buf);
-                if (sz == -1) return ENOMEM;
+                if (sz != keylen) return ENOMEM;
             } else {
                 if (strcmp(nexttoken(&p, 0,
                                      "'-1' zero-length key/salt field"),
diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c
index a284fd3e5..8a9a2ba53 100644
--- a/lib/kadm5/log.c
+++ b/lib/kadm5/log.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2017 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -911,9 +911,11 @@ kadm5_log_flush(kadm5_server_context *context, krb5_storage *sp)
     len = data.length;
     bytes = krb5_storage_write(sp, data.data, len);
     krb5_data_free(&data);
-    if (bytes < 0) {
+    if (bytes != len) {
         krb5_storage_free(sp);
-	return errno;
+        ret = bytes == -1 ? errno : KADM5_LOG_CORRUPT;
+        krb5_warn(context->context, ret, "short write to iprop log file");
+	return ret;
     }
     if (bytes != (krb5_ssize_t)len) {
         krb5_storage_free(sp);
@@ -938,6 +940,7 @@ kadm5_ret_t
 kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
 {
     krb5_storage *sp;
+    krb5_ssize_t bytes;
     kadm5_ret_t ret;
     krb5_data value;
     hdb_entry_ex ent;
@@ -975,9 +978,9 @@ kadm5_log_create(kadm5_server_context *context, hdb_entry *entry)
     if (ret == 0)
         ret = krb5_store_uint32(sp, value.length);
     if (ret == 0) {
-        if (krb5_storage_write(sp, value.data, value.length) !=
-            (krb5_ssize_t)value.length)
-            ret = errno;
+        bytes = krb5_storage_write(sp, value.data, value.length);
+        if (bytes != (krb5_ssize_t)value.length)
+            ret = bytes == -1 ? errno : ENOMEM;
     }
     if (ret == 0)
         ret = krb5_store_uint32(sp, value.length);
@@ -1140,6 +1143,7 @@ kadm5_log_rename(kadm5_server_context *context,
 		 hdb_entry *entry)
 {
     krb5_storage *sp;
+    krb5_ssize_t bytes;
     kadm5_ret_t ret;
     uint32_t len = 0;   /* So dumb compilers don't warn */
     off_t end_off = 0;  /* Ditto; this allows de-indentation by two levels */
@@ -1206,9 +1210,9 @@ kadm5_log_rename(kadm5_server_context *context,
         ret = krb5_store_principal(sp, source);
     if (ret == 0) {
         errno = 0;
-        if (krb5_storage_write(sp, value.data, value.length) !=
-            (krb5_ssize_t)value.length)
-            ret = errno ? errno : EIO;
+        bytes = krb5_storage_write(sp, value.data, value.length);
+        if (bytes != (krb5_ssize_t)value.length)
+            ret = bytes == -1 ? errno : ENOMEM;
     }
     if (ret == 0) {
         end_off = krb5_storage_seek(sp, 0, SEEK_CUR);
@@ -1307,6 +1311,7 @@ kadm5_log_modify(kadm5_server_context *context,
 		 uint32_t mask)
 {
     krb5_storage *sp;
+    krb5_ssize_t bytes;
     kadm5_ret_t ret;
     krb5_data value;
     uint32_t len;
@@ -1350,9 +1355,9 @@ kadm5_log_modify(kadm5_server_context *context,
     if (ret == 0)
         ret = krb5_store_uint32(sp, mask);
     if (ret == 0) {
-        if (krb5_storage_write(sp, value.data, value.length) !=
-            (krb5_ssize_t)value.length)
-            ret = errno;
+        bytes = krb5_storage_write(sp, value.data, value.length);
+        if (bytes != (krb5_ssize_t)value.length)
+            ret = bytes == -1 ? errno : ENOMEM;
     }
     if (ret == 0)
         ret = krb5_store_uint32(sp, len);
@@ -2523,8 +2528,8 @@ kadm5_log_truncate(kadm5_server_context *context, size_t keep, size_t maxbytes)
         ret = krb5_store_uint32(sp, 0);             /* end of trailer */
     if (ret == 0) {
         bytes = krb5_storage_write(sp, entries.data, entries.length);
-        if (bytes == -1)
-            ret = errno;
+        if (bytes != entries.length)
+            ret = bytes == -1 ? errno : EIO;
     }
     if (ret == 0)
         ret = krb5_storage_fsync(sp);
diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 41eb2d13a..c0ac73239 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -546,24 +546,34 @@ fcc_initialize(krb5_context context,
 	    f->version = context->fcache_vno;
 	else
 	    f->version = KRB5_FCC_FVNO_4;
-	ret |= krb5_store_int8(sp, 5);
-	ret |= krb5_store_int8(sp, f->version);
+        if (ret == 0)
+            ret = krb5_store_int8(sp, 5);
+        if (ret == 0)
+            ret = krb5_store_int8(sp, f->version);
 	storage_set_flags(context, sp, f->version);
 	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
 	    /* V4 stuff */
 	    if (context->kdc_sec_offset) {
-		ret |= krb5_store_int16 (sp, 12); /* length */
-		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
-		ret |= krb5_store_int16 (sp, 8); /* length of data */
-		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
-		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
+                if (ret == 0)
+                    ret = krb5_store_int16 (sp, 12); /* length */
+                if (ret == 0)
+                    ret = krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
+                if (ret == 0)
+                    ret = krb5_store_int16 (sp, 8); /* length of data */
+                if (ret == 0)
+                    ret = krb5_store_int32 (sp, context->kdc_sec_offset);
+                if (ret == 0)
+                    ret = krb5_store_int32 (sp, context->kdc_usec_offset);
 	    } else {
-		ret |= krb5_store_int16 (sp, 0);
+                if (ret == 0)
+                    ret = krb5_store_int16 (sp, 0);
 	    }
 	}
-	ret |= krb5_store_principal(sp, primary_principal);
+        if (ret == 0)
+            ret = krb5_store_principal(sp, primary_principal);
 
-	ret |= write_storage(context, sp, fd);
+        if (ret == 0)
+            ret = write_storage(context, sp, fd);
 
 	krb5_storage_free(sp);
     }
diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c
index c26201be9..8ad510998 100644
--- a/lib/krb5/pac.c
+++ b/lib/krb5/pac.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * Copyright (c) 2006 - 2017 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -925,7 +925,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
 	if (l > sizeof(zeros))
 	    l = sizeof(zeros);
 	sret = krb5_storage_write(sp, zeros, l);
-	if (sret <= 0)
+	if (sret != l)
 	    return krb5_enomem(context);
 
 	len -= sret;