3 files changed, 11 insertions, 13 deletions

diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
index 378c6cee..04c6ff17 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
@@ -384,15 +384,12 @@ int _pam_init_handlers(pam_handle_t *pamh)
 	    int read_something=0;
 
 	    D(("searching " PAM_CONFIG_D " for config files"));
-	    filename = malloc(sizeof(PAM_CONFIG_DF)
-			      +strlen(pamh->service_name));
-	    if (filename == NULL) {
+	    if (asprintf(&filename, PAM_CONFIG_DF, pamh->service_name) < 0) {
 		pam_syslog(pamh, LOG_ERR,
 				"_pam_init_handlers: no memory; service %s",
 				pamh->service_name);
 		return PAM_BUF_ERR;
 	    }
-	    sprintf(filename, PAM_CONFIG_DF, pamh->service_name);
 	    D(("opening %s", filename));
 	    f = fopen(filename, "r");
 	    if (f != NULL) {
@@ -631,12 +628,12 @@ int _pam_add_handler(pam_handle_t *pamh
 	if (mod_path[0] == '/') {
 	    break;
 	}
-	mod_full_path = malloc(sizeof(DEFAULT_MODULE_PATH)+strlen(mod_path));
-	if (mod_full_path) {
-	    sprintf(mod_full_path, DEFAULT_MODULE_PATH "%s", mod_path);
+	if (asprintf(&mod_full_path, "%s%s",
+		     DEFAULT_MODULE_PATH, mod_path) >= 0) {
 	    mod_path = mod_full_path;
 	    break;
 	}
+	mod_full_path = NULL;
 	pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
     case 0:
 	mod_path = UNKNOWN_MODULE_PATH;
diff --git a/libpam_misc/help_env.c b/libpam_misc/help_env.c
index 2b800283..601c5f41 100644
--- a/libpam_misc/help_env.c
+++ b/libpam_misc/help_env.c
@@ -5,6 +5,8 @@
  *
  */
 
+#include "config.h"
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -72,9 +74,7 @@ int pam_misc_setenv(pam_handle_t *pamh, const char *name
 	    return PAM_PERM_DENIED;          /* not allowed to overwrite */
 	}
     }
-    tmp = malloc(2+strlen(name)+strlen(value));
-    if (tmp != NULL) {
-	sprintf(tmp,"%s=%s",name,value);
+    if (asprintf(&tmp, "%s=%s", name, value) >= 0) {
 	D(("pam_putt()ing: %s", tmp));
 	retval = pam_putenv(pamh, tmp);
 	_pam_overwrite(tmp);                 /* purge */
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 188726f7..f584a438 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -175,9 +175,10 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
     memset(&key, 0, sizeof(key));
     memset(&data, 0, sizeof(data));
     if (ctrl & PAM_KEY_ONLY_ARG) {
-        key.dptr = malloc(strlen(user) + 1 + strlen(pass) + 1);
-        sprintf(key.dptr, "%s-%s", user, pass);
-        key.dsize = strlen(key.dptr);
+	if (asprintf(&key.dptr, "%s-%s", user, pass) < 0)
+	    key.dptr = NULL;
+	else
+	    key.dsize = strlen(key.dptr);
     } else {
         key.dptr = x_strdup(user);
         key.dsize = strlen(user);