diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 8b33ffec7..565183941 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2044,13 +2044,13 @@ evp_encrypt(krb5_context context,
     c = encryptp ? &ctx->ectx : &ctx->dctx;
     if (ivec == NULL) {
 	/* alloca ? */
-	size_t len = EVP_CIPHER_CTX_iv_length(c);
-	void *loiv = malloc(len);
+	size_t len2 = EVP_CIPHER_CTX_iv_length(c);
+	void *loiv = malloc(len2);
 	if (loiv == NULL) {
 	    krb5_clear_error_message(context);
 	    return ENOMEM;
 	}
-	memset(loiv, 0, len);
+	memset(loiv, 0, len2);
 	EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);
 	free(loiv);
     } else
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 1921bc167..f44378807 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -2002,7 +2002,7 @@ krb5_get_init_creds_password(krb5_context context,
 
 
     if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) {
-	char buf[1024];
+	char buf2[1024];
 
 	/* try to avoid recursion */
 	if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0)
@@ -2015,7 +2015,7 @@ krb5_get_init_creds_password(krb5_context context,
 	ret = change_password (context,
 			       client,
 			       ctx->password,
-			       buf,
+			       buf2,
 			       sizeof(buf),
 			       prompter,
 			       data,
diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index 9239ee6ad..6711c7702 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -1194,10 +1194,10 @@ pk_rd_pa_reply_enckey(krb5_context context,
 
     /* win2k uses ContentInfo */
     if (type == PKINIT_WIN2K) {
-	heim_oid type;
+	heim_oid type2;
 	heim_octet_string out;
 
-	ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
+	ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
 	if (ret) {
 	    /* windows LH with interesting CMS packets */
 	    size_t ph = 1 + der_length_len(content.length);
@@ -1214,19 +1214,19 @@ pk_rd_pa_reply_enckey(krb5_context context,
 	    content.data = ptr;
 	    content.length += ph;
 
-	    ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
+	    ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
 	    if (ret)
 		goto out;
 	}
-	if (der_heim_oid_cmp(&type, &asn1_oid_id_pkcs7_signedData)) {
+	if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) {
 	    ret = EINVAL; /* XXX */
 	    krb5_set_error_message(context, ret,
 				   N_("PKINIT: Invalid content type", ""));
-	    der_free_oid(&type);
+	    der_free_oid(&type2);
 	    der_free_octet_string(&out);
 	    goto out;
 	}
-	der_free_oid(&type);
+	der_free_oid(&type2);
 	krb5_data_free(&content);
 	ret = krb5_data_copy(&content, out.data, out.length);
 	der_free_octet_string(&out);