The second problem (kdb_log.c) was already fixed on master in e7aa25d215a9d4baa95643f2d19e44036e57af72. The fourth problem (kdc_preauth.c) is not likely to be a practical issue because we won't process a KDC request longer than 1MB. But I'll change the code to use calloc() since it's simpler (and likewise for dump.c).