diff --git a/appl/ftp/ftpd/krb4.c b/appl/ftp/ftpd/krb4.c
index f808dbe52..27447a770 100644
--- a/appl/ftp/ftpd/krb4.c
+++ b/appl/ftp/ftpd/krb4.c
@@ -161,8 +161,13 @@ int krb4_mic(char *msg)
     MSG_DAT m_data;
     char *tmp, *cmd;
   
-    cmd = strdup(msg);
+    cmd = malloc(strlen(msg) + 1);
     
+    if (cmd == NULL) {
+	reply(451, "Failed to allocate memory.");
+	return -1;
+    }
+
     len = base64_decode(msg, cmd);
     if(len < 0){
 	reply(501, "Failed to decode base 64 data.");
@@ -172,18 +177,22 @@ int krb4_mic(char *msg)
     kerror = krb_rd_safe(cmd, len, &auth_dat.session, 
 			 &his_addr, &ctrl_addr, &m_data);
 
+    free(cmd);
     if(kerror){
 	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
-	free(cmd);
 	return -1;
     }
     
     tmp = malloc(strlen(msg) + 1);
-    snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
+    if (tmp == NULL) {
+	reply(451, "Failed to allocate memory.");
+	return -1;
+    }
+    snprintf(tmp, strlen(msg) + 1, "%.*s",
+	     (int)m_data.app_length, m_data.app_data);
     if(!strstr(tmp, "\r\n"))
 	strcat(tmp, "\r\n");
     new_ftp_command(tmp);
-    free(cmd);
     return 0;
 }
 
@@ -202,8 +211,8 @@ int krb4_enc(char *msg)
     MSG_DAT m_data;
     char *tmp, *cmd;
   
-    cmd = strdup(msg);
-    
+    cmd = malloc(strlen(msg) + 1);
+
     len = base64_decode(msg, cmd);
     if(len < 0){
 	reply(501, "Failed to decode base 64 data.");
@@ -212,19 +221,22 @@ int krb4_enc(char *msg)
     }
     kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session, 
 			 &his_addr, &ctrl_addr, &m_data);
+    free(cmd);
 
     if(kerror){
 	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
-	free(cmd);
 	return -1;
     }
     
-    tmp = strdup(msg);
+    tmp = malloc(strlen(msg) + 1);
+    if (tmp == NULL) {
+	reply(451, "Failed to allocate memory.");
+	return -1;
+    }
     snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
     if(!strstr(tmp, "\r\n"))
 	strcat(tmp, "\r\n");
     new_ftp_command(tmp);
-    free(cmd);
     return 0;
 }
 
diff --git a/appl/kx/common.c b/appl/kx/common.c
index ede60001c..ca3c8da38 100644
--- a/appl/kx/common.c
+++ b/appl/kx/common.c
@@ -141,6 +141,7 @@ get_xsockets (int *unix_socket, int *tcp_socket)
      char *dir, *p;
 
      dir = strdup (X_UNIX_PATH);
+     errx (1, "strdup: out of memory");
      p = strrchr (dir, '/');
      if (p)
        *p = '\0';
@@ -339,19 +340,29 @@ verify_and_remove_cookies (int fd, int sock)
      npad = (4 - (n % 4)) % 4;
      dpad = (4 - (d % 4)) % 4;
      protocol_name = malloc(n + npad);
+     if (protocol_name == NULL)
+	 return 1;
      protocol_data = malloc(d + dpad);
+     if (protocol_data == NULL)
+	 goto fail;
      if (krb_net_read (fd, protocol_name, n + npad) != n + npad)
-	  return 1;
+	 goto fail;
      if (krb_net_read (fd, protocol_data, d + dpad) != d + dpad)
-	  return 1;
+	 goto fail;
      if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
-	  return 1;
+	 goto fail;
      if (d != cookie_len ||
 	 memcmp (protocol_data, cookie, cookie_len) != 0)
-	  return 1;
+	 goto fail;
+     free (protocol_name);
+     free (protocol_data);
      if (krb_net_write (sock, zeros, 6) != 6)
 	  return 1;
      return 0;
+fail:
+     free (protocol_name);
+     free (protocol_data);
+     return 1;
 }
 
 /*
diff --git a/appl/kx/kx.c b/appl/kx/kx.c
index 17b02bb0b..cf2acd1d3 100644
--- a/appl/kx/kx.c
+++ b/appl/kx/kx.c
@@ -601,6 +601,8 @@ main(int argc, char **argv)
 	  if (p == NULL)
 	      errx(1, "Who are you?");
 	  user = strdup (p->pw_name);
+	  if (user == NULL)
+	      errx (1, "strdup: out of memory");
      }
      if (port == 0)
 	 port = k_getportbyname ("kx", "tcp", htons(KX_PORT));