diff --git a/scan_ldapsearchfilter.c b/scan_ldapsearchfilter.c
index 0ee2398..1a08141 100644
--- a/scan_ldapsearchfilter.c
+++ b/scan_ldapsearchfilter.c
@@ -41,10 +41,7 @@ size_t scan_ldapsearchfilter(const char* src,const char* max,struct Filter** f)
   res+=tmp;
   nmax=src+res+len;
   if (nmax>max) goto error;
-  if (!(*f=malloc(sizeof(struct Filter)))) goto error;
-  (*f)->next=0;
-  (*f)->x=0;
-  (*f)->substrings=0;
+  if (!(*f=calloc(1,sizeof(struct Filter)))) goto error;
   switch ((*f)->type=tag) {
   case 0:    /*  and             [0] SET OF Filter, */
   case 1:    /*  or              [1] SET OF Filter, */
@@ -84,13 +81,12 @@ size_t scan_ldapsearchfilter(const char* src,const char* max,struct Filter** f)
       res+=tmp;
       if (src+res+len2!=nmax) goto error;
       while (src+res<nmax) {
-	struct Substring* s=malloc(sizeof(struct Substring));
+	struct Substring* s=calloc(1,sizeof(struct Substring));
 	unsigned long x;
 	enum asn1_tagtype tt;
 	enum asn1_tagclass tc;
 	if (!s) goto error;
-	if (!(tmp=scan_asn1string(src+res,nmax,&tc,&tt,&x,&s->s.s,&s->s.l))) { free(s); goto error; }
-	if (x>2) goto error;
+	if (!(tmp=scan_asn1string(src+res,nmax,&tc,&tt,&x,&s->s.s,&s->s.l)) || x>2) { free(s); goto error; }
 	s->substrtype=x;
 	res+=tmp;
 	s->next=(*f)->substrings;
diff --git a/scan_ldapsearchfilterstring.c b/scan_ldapsearchfilterstring.c
index 4f67dd4..733f37a 100644
--- a/scan_ldapsearchfilterstring.c
+++ b/scan_ldapsearchfilterstring.c
@@ -52,7 +52,7 @@ scan_filterlist:
 substring:
 	  while (*s!=')') {
 	    size_t i,j;
-	    struct Substring* substring=malloc(sizeof(struct Substring));
+	    struct Substring* substring=calloc(1,sizeof(struct Substring));
 	    if (!substring) goto error;
 	    substring->s.s=s;
 	    i=str_chr(s,')');
diff --git a/scan_ldapsearchrequest.c b/scan_ldapsearchrequest.c
index 4843bb0..6e5dfa4 100644
--- a/scan_ldapsearchrequest.c
+++ b/scan_ldapsearchrequest.c
@@ -1,4 +1,5 @@
 #include <stdlib.h>
+#include <string.h>
 #include "ldap.h"
 
 size_t scan_ldapsearchrequest(const char* src,const char* max,
@@ -34,10 +35,9 @@ size_t scan_ldapsearchrequest(const char* src,const char* max,
     for (;;) {
       if (src+res>nmax) goto error;
       if (src+res==nmax) break;
-      if (!*a) *a=malloc(sizeof(struct AttributeDescriptionList));
+      if (!*a) *a=calloc(1,sizeof(struct AttributeDescriptionList));
       if (!*a) goto error;
-      (*a)->next=0;
-      if (!(tmp=scan_ldapstring(src+res,nmax,&(*a)->a))) goto error;
+      if (!(tmp=scan_ldapstring(src+res,nmax,&(*a)->a))) { free(*a); goto error; }
       res+=tmp;
       a=&(*a)->next;
     }
@@ -52,4 +52,5 @@ void free_ldapsearchrequest(struct SearchRequest* s) {
   if (s->attributes)
     free_ldapadl(s->attributes->next);
   free_ldapsearchfilter(s->filter);
+  memset(s,0,sizeof(*s));
 }
diff --git a/scan_ldapsearchresultentry.c b/scan_ldapsearchresultentry.c
index 50e8654..747734d 100644
--- a/scan_ldapsearchresultentry.c
+++ b/scan_ldapsearchresultentry.c
@@ -37,6 +37,7 @@ size_t scan_ldapsearchresultentry(const char* src,const char* max,struct SearchR
   return res;
 error:
   freepal(sre->attributes);
+  sre->attributes=0;
   return 0;
 }