diff --git a/source4/auth/kerberos/gssapi_parse.c b/source4/auth/kerberos/gssapi_parse.c
index 489ebca..b538d82 100644
--- a/source4/auth/kerberos/gssapi_parse.c
+++ b/source4/auth/kerberos/gssapi_parse.c
@@ -35,12 +35,8 @@ DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *tick
 	struct asn1_data *data;
 	DATA_BLOB ret;
 
-	if (!data || !ticket->data) {
-		return data_blob(NULL,0);
-	}
-
 	data = asn1_init(mem_ctx);
-	if (data == NULL) {
+	if (!data || !ticket->data) {
 		return data_blob(NULL,0);
 	}
 
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 4fd6501..e25fbc9 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -829,17 +829,14 @@ static WERROR dsdb_syntax_UNICODE_ldb_to_drsuapi(struct ldb_context *ldb,
 	W_ERROR_HAVE_NO_MEMORY(blobs);
 
 	for (i=0; i < in->num_values; i++) {
-		ssize_t ret;
-
 		out->value_ctr.values[i].blob	= &blobs[i];
 
-		if (!convert_string_talloc_convenience(blobs, schema->iconv_convenience, CH_UNIX, CH_UTF16,
-					    in->values[i].data,
-					    in->values[i].length,
-					    (void **)&blobs[i].data, NULL, false)) {
-			return WERR_FOOBAR;
+		if (!convert_string_talloc_convenience(blobs,
+			schema->iconv_convenience, CH_UNIX, CH_UTF16,
+			in->values[i].data, in->values[i].length,
+			(void **)&blobs[i].data, &blobs[i].length, false)) {
+				return WERR_FOOBAR;
 		}
-		blobs[i].length = ret;
 	}
 
 	return WERR_OK;
diff --git a/source4/lib/registry/regf.c b/source4/lib/registry/regf.c
index fbb9cd9..6d4ea1b 100644
--- a/source4/lib/registry/regf.c
+++ b/source4/lib/registry/regf.c
@@ -1727,7 +1727,8 @@ static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent,
 
 	if (!hbin_get_tdr(regf, regf->header->data_offset, root,
 			  (tdr_pull_fn_t)tdr_pull_nk_block, root)) {
-		DEBUG(0, ("Unable to find HBIN data for offset %d\n", offset));
+		DEBUG(0, ("Unable to find HBIN data for offset %d\n",
+			regf->header->data_offset));
 		return WERR_GENERAL_FAILURE;
 	}
 	nk.sk_offset = root->sk_offset;
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 1014ab0..8a5ee89 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -547,7 +547,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
 	struct tls_context *tls;
 	int ret = 0;
 	const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-	char *cafile;
 	struct socket_context *new_sock;
 	NTSTATUS nt_status;
 	
@@ -574,7 +573,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
 	gnutls_global_init();
 
 	gnutls_certificate_allocate_credentials(&tls->xcred);
-	gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+	gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
 	TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
 	TLSCHECK(gnutls_set_default_priority(tls->session));
 	gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 1c9eabe..53021f6 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -465,6 +465,9 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 	if (!ev) {
 		exit(1);
 	}
+
+	mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
+	
 	/* setup gensec */
 	if (!(state->gensec_state)) {
 		switch (stdio_helper_mode) {
@@ -475,6 +478,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 			nt_status = gensec_client_start(NULL, &state->gensec_state, ev, 
 							lp_gensec_settings(NULL, lp_ctx));
 			if (!NT_STATUS_IS_OK(nt_status)) {
+				talloc_free(mem_ctx);
 				exit(1);
 			}
 
@@ -488,6 +492,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 			msg = messaging_client_init(state, lp_messaging_path(state, lp_ctx), 
 						    lp_iconv_convenience(lp_ctx), ev);
 			if (!msg) {
+				talloc_free(mem_ctx);
 				exit(1);
 			}
 			nt_status = auth_context_create_methods(mem_ctx, 
@@ -498,17 +503,20 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 								&auth_context);
 	
 			if (!NT_STATUS_IS_OK(nt_status)) {
+				talloc_free(mem_ctx);
 				exit(1);
 			}
 			
 			if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, 
 								 lp_gensec_settings(state, lp_ctx), 
 								 auth_context, &state->gensec_state))) {
+				talloc_free(mem_ctx);
 				exit(1);
 			}
 			break;
 		}
 		default:
+			talloc_free(mem_ctx);
 			abort();
 		}
 
@@ -559,20 +567,21 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 			nt_status = gensec_start_mech_by_oid(state->gensec_state, GENSEC_OID_NTLMSSP);
 			break;
 		default:
+			talloc_free(mem_ctx);
 			abort();
 		}
 
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(1, ("GENSEC mech failed to start: %s\n", nt_errstr(nt_status)));
 			mux_printf(mux_id, "BH GENSEC mech failed to start\n");
+			talloc_free(mem_ctx);
 			return;
 		}
 
 	}
 
 	/* update */
-	mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
-	
+
 	if (strncmp(buf, "PW ", 3) == 0) {
 		state->set_password = talloc_strndup(state,
 						     (const char *)in.data,