diff --git a/kadmin/kadm_conn.c b/kadmin/kadm_conn.c
index 3d0683244..d29864ad2 100644
--- a/kadmin/kadm_conn.c
+++ b/kadmin/kadm_conn.c
@@ -298,4 +298,5 @@ start_server(krb5_context contextp, const char *port_str)
     roken_detach_finish(NULL, daemon_child);
 
     wait_for_connection(contextp, socks, num_socks);
+    free(socks);
 }
diff --git a/kuser/kinit.c b/kuser/kinit.c
index 61fa61279..0d2c41bee 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -798,6 +798,9 @@ ticket_lifetime(krb5_context context, krb5_ccache cache, krb5_principal client,
 
     memset(&in_cred, 0, sizeof(in_cred));
 
+    if (renew != NULL)
+        *renew = 0;
+
     ret = krb5_cc_get_principal(context, cache, &in_cred.client);
     if (ret) {
 	krb5_warn(context, ret, "krb5_cc_get_principal");
diff --git a/kuser/klist.c b/kuser/klist.c
index 96b49b0ae..1fd18f0a4 100644
--- a/kuser/klist.c
+++ b/kuser/klist.c
@@ -503,8 +503,10 @@ list_caches(krb5_context context, struct klist_options *opt)
     def_name = strdup(cdef_name);
 
     ret = krb5_cccol_cursor_new(context, &cursor);
-    if (ret == KRB5_CC_NOSUPP)
+    if (ret == KRB5_CC_NOSUPP) {
+        free(def_name);
 	return 0;
+    }
     else if (ret)
 	krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
 
diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c
index a10245573..5e705eac5 100644
--- a/lib/hdb/keys.c
+++ b/lib/hdb/keys.c
@@ -162,15 +162,15 @@ parse_key_set(krb5_context context, const char *key,
 	    continue;
 	}
 
-	{
-	    /* if there is a final string, use it as the string to
-	       salt with, this is mostly useful with null salt for
-	       v4 compat, and a cell name for afs compat */
-	    salt->saltvalue.data = strdup(buf[i]);
-	    if (salt->saltvalue.data == NULL)
-                return krb5_enomem(context);
-	    salt->saltvalue.length = strlen(buf[i]);
-	}
+        if (salt->saltvalue.data != NULL)
+            free(salt->saltvalue.data);
+        /* if there is a final string, use it as the string to
+           salt with, this is mostly useful with null salt for
+           v4 compat, and a cell name for afs compat */
+        salt->saltvalue.data = strdup(buf[i]);
+        if (salt->saltvalue.data == NULL)
+            return krb5_enomem(context);
+        salt->saltvalue.length = strlen(buf[i]);
     }
 
     if(enctypes == NULL || salt->salttype == 0) {
diff --git a/lib/kadm5/common_glue.c b/lib/kadm5/common_glue.c
index 79e12d072..6dc42fd2a 100644
--- a/lib/kadm5/common_glue.c
+++ b/lib/kadm5/common_glue.c
@@ -283,7 +283,8 @@ kadm5_setkey_principal_3(void *server_handle,
 	return ret;
 
     if (keepold) {
-	new_key_data = malloc((n_keys + princ_ent.n_key_data) * sizeof(*new_key_data));
+        new_key_data = calloc((n_keys + princ_ent.n_key_data),
+                              sizeof(*new_key_data));
 	if (new_key_data == NULL) {
 	    ret = ENOMEM;
 	    goto out;
@@ -292,7 +293,7 @@ kadm5_setkey_principal_3(void *server_handle,
 	memcpy(&new_key_data[n_keys], &princ_ent.key_data[0],
 		princ_ent.n_key_data * sizeof (princ_ent.key_data[0]));
     } else {
-	new_key_data = malloc(n_keys * sizeof(*new_key_data));
+	new_key_data = calloc(n_keys, sizeof(*new_key_data));
 	if (new_key_data == NULL) {
 	    ret = ENOMEM;
 	    goto out;
@@ -324,8 +325,10 @@ kadm5_setkey_principal_3(void *server_handle,
 	 */
 	new_key_data[i].key_data_type[1] = 0;
 	if (n_ks_tuple > 0) {
-	    if (ks_tuple[i].ks_enctype != keyblocks[i].keytype)
-		return KADM5_SETKEY3_ETYPE_MISMATCH;
+	    if (ks_tuple[i].ks_enctype != keyblocks[i].keytype) {
+		ret = KADM5_SETKEY3_ETYPE_MISMATCH;
+                goto out;
+            }
 	    new_key_data[i].key_data_type[1] = ks_tuple[i].ks_salttype;
 	}
 	new_key_data[i].key_data_length[1] = 0;
diff --git a/lib/kadm5/randkey_c.c b/lib/kadm5/randkey_c.c
index 6b43d1308..b3b383cf8 100644
--- a/lib/kadm5/randkey_c.c
+++ b/lib/kadm5/randkey_c.c
@@ -126,7 +126,8 @@ kadm5_c_randkey_principal(void *server_handle,
 	if (n_keys && new_keys) {
 	    *n_keys = tmp;
 	    *new_keys = k;
-	}
+	} else
+            free(k);
     }
 out:
     krb5_storage_free(sp);
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 280b1908b..a139275d8 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2347,8 +2347,10 @@ _get_derived_key(krb5_context context,
 	    return 0;
 	}
     d = _new_derived_key(crypto, usage);
-    if (d == NULL)
+    if (d == NULL) {
+        *key = NULL; /* quiet warning */
 	return krb5_enomem(context);
+    }
     krb5_copy_keyblock(context, crypto->key.key, &d->key);
     _krb5_put_int(constant, usage, 5);
     _krb5_derive_key(context, crypto->et, d, constant, sizeof(constant));
diff --git a/lib/krb5/dcache.c b/lib/krb5/dcache.c
index a451ebcf6..c89e157de 100644
--- a/lib/krb5/dcache.c
+++ b/lib/krb5/dcache.c
@@ -146,6 +146,7 @@ get_default_cache(krb5_context context, krb5_dcache *dc, char **residual)
     char *primary;
     FILE *f;
 
+    *residual = NULL;
     primary = primary_create(dc);
     if (primary == NULL)
 	return krb5_enomem(context);
diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index a4b0ee8e1..48fc241ee 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -662,6 +662,8 @@ init_fcc(krb5_context context,
     krb5_storage *sp;
     krb5_error_code ret;
 
+    *ret_fd = -1;
+    *ret_sp = NULL;
     if (kdc_offset)
 	*kdc_offset = 0;
 
diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c
index 06386d6cd..61a9b4fa1 100644
--- a/lib/krb5/scache.c
+++ b/lib/krb5/scache.c
@@ -656,6 +656,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
     krb5_error_code ret;
     krb5_storage *sp;
 
+    krb5_data_zero(data);
     sp = krb5_storage_emem();
     if (sp == NULL)
 	return krb5_enomem(context);