diff --git a/libtelnet/sra.c b/libtelnet/sra.c
index 395f217..0d49453 100644
--- a/libtelnet/sra.c
+++ b/libtelnet/sra.c
@@ -93,6 +93,11 @@ int server;
 	xuser = (char *)malloc(512);
 	pass = (char *)malloc(256);
 	xpass = (char *)malloc(512);
+
+	if (user == NULL || xuser == NULL || pass == NULL || xpass ==
+	NULL)
+		return 0; /* malloc failed */
+
 	passwd_sent = 0;
 	
 	genkeys(pka,ska);
@@ -534,6 +539,9 @@ auth_conv(int num_msg, const struct pam_message **msg,
 	struct pam_response *reply =
 		malloc(sizeof(struct pam_response) * num_msg);
 
+	if (reply == NULL)
+		return PAM_BUF_ERR;
+
 	for (i = 0; i < num_msg; i++) {
 		switch (msg[i]->msg_style) {
 		case PAM_PROMPT_ECHO_ON:        /* assume want user name */