diff --git a/src/apps/oauth/oauth.c b/src/apps/oauth/oauth.c
index 3fa8f67..0410b98 100644
--- a/src/apps/oauth/oauth.c
+++ b/src/apps/oauth/oauth.c
@@ -347,7 +347,7 @@ int main(int argc, char **argv)
         mac_key_size=OAUTH_MAC_KEY_SIZE;
       } 
       strncpy(mac_key,mac_key_val,mac_key_size);
-      mac_key[mac_key_size+1]='\0';
+      mac_key[mac_key_size]='\0';
       break;
     case 'q':
       //token-timestamp
@@ -451,7 +451,7 @@ int main(int argc, char **argv)
             printf("{\n");
             printf("    \"access_token\":\"%s\",\n",base64encoded_etoken);
             printf("    \"token_type\":\"pop\",\n");
-            printf("    \"expires_in\":%d,\n",token_lifetime);
+            printf("    \"expires_in\":%u,\n",token_lifetime);
             printf("    \"kid\":\"%s\",\n",kid);
             printf("    \"key\":\"%s\",\n",mac_key);
             printf("    \"alg\":\"%s\"\n",hmac_alg);
diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c
index 26acfaf..201015d 100644
--- a/src/apps/relay/userdb.c
+++ b/src/apps/relay/userdb.c
@@ -725,7 +725,7 @@ int add_static_user_account(char *user)
 			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user account: %s\n",user);
 		} else {
 			size_t ulen = s-user;
-			char *usname = (char*)malloc(sizeof(char)*(ulen+1));
+			char *usname = (char*)calloc(ulen+1, sizeof(char));
 			strncpy(usname,user,ulen);
 			usname[ulen]=0;
 			if(SASLprep((uint8_t*)usname)<0) {