diff --git a/src/bucket.c b/src/bucket.c
index 6d30674..5468a3c 100644
--- a/src/bucket.c
+++ b/src/bucket.c
@@ -324,6 +324,7 @@ void S3_create_bucket(S3Protocol protocol, const char *accessKeyId,
     };
 
     // Perform the request
+    free(cbData);
     request_perform(&params, requestContext);
 }
 
@@ -411,6 +412,7 @@ void S3_delete_bucket(S3Protocol protocol, S3UriStyle uriStyle,
         timeoutMs                                     // timeoutMs
     };
 
+    free(dbData);
     // Perform the request
     request_perform(&params, requestContext);
 }
diff --git a/src/bucket_metadata.c b/src/bucket_metadata.c
index 05f3e67..2f63818 100644
--- a/src/bucket_metadata.c
+++ b/src/bucket_metadata.c
@@ -163,6 +163,7 @@ void S3_get_acl(const S3BucketContext *bucketContext, const char *key,
         timeoutMs                                     // timeoutMs
     };
 
+    free(gaData);
     // Perform the request
     request_perform(&params, requestContext);
 }
@@ -478,6 +479,7 @@ void S3_get_lifecycle(const S3BucketContext *bucketContext,
     };
 
     // Perform the request
+    free(gaData);
     request_perform(&params, requestContext);
 }
 
@@ -601,6 +603,7 @@ void S3_set_lifecycle(const S3BucketContext *bucketContext,
         timeoutMs                                     // timeoutMs
     };
 
+    free(data);
     // Perform the request
     request_perform(&params, requestContext);
 #endif
diff --git a/src/general.c b/src/general.c
index 7876f58..5772c8b 100644
--- a/src/general.c
+++ b/src/general.c
@@ -385,14 +385,18 @@ static S3Status convertAclXmlCallback(const char *elementPath,
 
             if (caData->emailAddress[0]) {
                 grant->granteeType = S3GranteeTypeAmazonCustomerByEmail;
-                strcpy(grant->grantee.amazonCustomerByEmail.emailAddress,
-                       caData->emailAddress);
+                strncpy(grant->grantee.amazonCustomerByEmail.emailAddress,
+                    caData->emailAddress,
+                    S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1);
+                grant->grantee.amazonCustomerByEmail.emailAddress[S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1] = '\0';
             }
             else if (caData->userId[0] && caData->userDisplayName[0]) {
                 grant->granteeType = S3GranteeTypeCanonicalUser;
-                strcpy(grant->grantee.canonicalUser.id, caData->userId);
-                strcpy(grant->grantee.canonicalUser.displayName,
-                       caData->userDisplayName);
+                strncpy(grant->grantee.canonicalUser.id, caData->userId, S3_MAX_GRANTEE_USER_ID_SIZE - 1);
+                grant->grantee.canonicalUser.id[S3_MAX_GRANTEE_USER_ID_SIZE - 1] = '\0';
+                
+                strncpy(grant->grantee.canonicalUser.displayName, caData->userDisplayName, S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1);
+                grant->grantee.canonicalUser.displayName[S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1] = '\0';
             }
             else if (caData->groupUri[0]) {
                 if (!strcmp(caData->groupUri,
diff --git a/src/request.c b/src/request.c
index dd66863..6674a2c 100644
--- a/src/request.c
+++ b/src/request.c
@@ -834,6 +834,10 @@ static void sort_query_string(const char *queryString, char *result,
     // Where did strdup go?!??
     int queryStringLen = strlen(queryString);
     char *buf = (char *) malloc(queryStringLen + 1);
+    if (!buf) {
+        result[0] = '\0';
+        return; // <-- Add: free(buf); before return (but buf is NULL here, so it's safe)
+    }
     char *tok = buf;
     strcpy(tok, queryString);
     const char *token = NULL;
@@ -865,9 +869,8 @@ static void sort_query_string(const char *queryString, char *result,
     if (len > 0) {
         result[len - 1] = 0;
     }
-#undef append
-
     free(buf);
+#undef append
 }
 
 
diff --git a/src/service_access_logging.c b/src/service_access_logging.c
index ce7ae6b..959f4e8 100644
--- a/src/service_access_logging.c
+++ b/src/service_access_logging.c
@@ -142,13 +142,16 @@ static S3Status convertBlsXmlCallback(const char *elementPath,
 
             if (caData->emailAddress[0]) {
                 grant->granteeType = S3GranteeTypeAmazonCustomerByEmail;
-                strcpy(grant->grantee.amazonCustomerByEmail.emailAddress,
-                       caData->emailAddress);
+                strncpy(grant->grantee.amazonCustomerByEmail.emailAddress, caData->emailAddress, S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1);
+                grant->grantee.amazonCustomerByEmail.emailAddress[S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1] = '\0';
             }
             else if (caData->userId[0] && caData->userDisplayName[0]) {
                 grant->granteeType = S3GranteeTypeCanonicalUser;
-                strcpy(grant->grantee.canonicalUser.id, caData->userId);
-                strcpy(grant->grantee.canonicalUser.displayName,
+                strncpy(grant->grantee.canonicalUser.id, caData->userId, S3_MAX_GRANTEE_USER_ID_SIZE - 1);
+                grant->grantee.canonicalUser.id[S3_MAX_GRANTEE_USER_ID_SIZE - 1] = '\0';
+                
+                strncpy(grant->grantee.canonicalUser.displayName, caData->userDisplayName, S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1);
+                grant->grantee.canonicalUser.displayName[S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1] = '\0';
                        caData->userDisplayName);
             }
             else if (caData->groupUri[0]) {