diff --git a/src/ap/eap_user_db.c b/src/ap/eap_user_db.c
index 1c26fe3b6..a510ee3e2 100644
--- a/src/ap/eap_user_db.c
+++ b/src/ap/eap_user_db.c
@@ -139,6 +139,7 @@ eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
 	struct hostapd_eap_user *user = NULL;
 	char id_str[256], cmd[300];
 	size_t i;
+	int res;
 
 	if (identity_len >= sizeof(id_str)) {
 		wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
@@ -183,9 +184,12 @@ eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
 		return NULL;
 	}
 
-	os_snprintf(cmd, sizeof(cmd),
-		    "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
-		    id_str, phase2);
+	res = os_snprintf(cmd, sizeof(cmd),
+			  "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
+			  id_str, phase2);
+	if (os_snprintf_error(sizeof(cmd), res))
+		goto fail;
+
 	wpa_printf(MSG_DEBUG, "DB: %s", cmd);
 	if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
 	    SQLITE_OK) {
@@ -215,6 +219,7 @@ eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
 		}
 	}
 
+fail:
 	sqlite3_close(db);
 
 	return user;
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index ce37fdaf9..e293a0033 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -187,6 +187,7 @@ struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 {
 	struct hostapd_vlan *n;
 	char ifname[IFNAMSIZ + 1], *pos;
+	int ret;
 
 	if (vlan == NULL || vlan->vlan_id != VLAN_ID_WILDCARD)
 		return NULL;
@@ -208,8 +209,12 @@ struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
 		n->vlan_desc = *vlan_desc;
 	n->dynamic_vlan = 1;
 
-	os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
-		    pos);
+	ret = os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s",
+			  ifname, vlan_id, pos);
+	if (os_snprintf_error(sizeof(n->ifname), ret)) {
+		os_free(n);
+		return NULL;
+	}
 	os_strlcpy(n->bridge, vlan->bridge, sizeof(n->bridge));
 
 	n->next = hapd->conf->vlan;
diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c
index 20abaab4c..888ea89f3 100644
--- a/src/drivers/driver_wext.c
+++ b/src/drivers/driver_wext.c
@@ -868,14 +868,16 @@ static int wext_hostap_ifname(struct wpa_driver_wext_data *drv,
 			      const char *ifname)
 {
 	char buf[200], *res;
-	int type;
+	int type, ret;
 	FILE *f;
 
 	if (strcmp(ifname, ".") == 0 || strcmp(ifname, "..") == 0)
 		return -1;
 
-	snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net/%s/type",
-		 drv->ifname, ifname);
+	ret = snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net/%s/type",
+		       drv->ifname, ifname);
+	if (os_snprintf_error(sizeof(buf), ret))
+		return -1;
 
 	f = fopen(buf, "r");
 	if (!f)
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
index 9305b9a4f..33f02a798 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
@@ -532,6 +532,7 @@ DBusMessage * wpas_dbus_handler_p2p_connect(DBusMessage *message,
 	int new_pin;
 	char *err_msg = NULL;
 	char *iface = NULL;
+	int ret;
 
 	if (!wpa_dbus_p2p_check_enabled(wpa_s, message, &reply, NULL))
 		return reply;
@@ -609,7 +610,12 @@ DBusMessage * wpas_dbus_handler_p2p_connect(DBusMessage *message,
 		char npin[9];
 		char *generated_pin;
 
-		os_snprintf(npin, sizeof(npin), "%08d", new_pin);
+		ret = os_snprintf(npin, sizeof(npin), "%08d", new_pin);
+		if (os_snprintf_error(sizeof(npin), ret)) {
+			reply = wpas_dbus_error_unknown_error(message,
+							      "invalid PIN");
+			goto out;
+		}
 		generated_pin = npin;
 		reply = dbus_message_new_method_return(message);
 		dbus_message_append_args(reply, DBUS_TYPE_STRING,
diff --git a/wpa_supplicant/dbus/dbus_new_handlers_wps.c b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
index f762b3f2e..19c1a6157 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers_wps.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers_wps.c
@@ -286,8 +286,12 @@ DBusMessage * wpas_dbus_handler_wps_start(DBusMessage *message,
 		ret = wpas_wps_start_pin(wpa_s, params.bssid,
 					 params.pin, 0,
 					 DEV_PW_DEFAULT);
-		if (ret > 0)
-			os_snprintf(npin, sizeof(npin), "%08d", ret);
+		if (ret > 0) {
+			ret = os_snprintf(npin, sizeof(npin), "%08d", ret);
+			if (os_snprintf_error(sizeof(npin), ret))
+				return wpas_dbus_error_unknown_error(
+					message, "invalid PIN");
+		}
 	} else {
 		ret = wpas_wps_start_pbc(wpa_s, params.bssid, 0);
 	}
diff --git a/wpa_supplicant/dbus/dbus_old_handlers_wps.c b/wpa_supplicant/dbus/dbus_old_handlers_wps.c
index 5309a5301..987e12d9c 100644
--- a/wpa_supplicant/dbus/dbus_old_handlers_wps.c
+++ b/wpa_supplicant/dbus/dbus_old_handlers_wps.c
@@ -71,7 +71,7 @@ DBusMessage * wpas_dbus_iface_wps_pin(DBusMessage *message,
 	char *arg_bssid;
 	char *pin = NULL;
 	u8 bssid[ETH_ALEN], *_bssid = NULL;
-	int ret = 0;
+	int ret;
 	char npin[9];
 
 	if (!dbus_message_get_args(message, NULL, DBUS_TYPE_STRING, &arg_bssid,
@@ -105,7 +105,11 @@ DBusMessage * wpas_dbus_iface_wps_pin(DBusMessage *message,
 		return NULL;
 
 	if (ret > 0) {
-		os_snprintf(npin, sizeof(npin), "%08d", ret);
+		ret = os_snprintf(npin, sizeof(npin), "%08d", ret);
+		if (os_snprintf_error(sizeof(npin), ret))
+			return wpas_dbus_new_invalid_opts_error(message,
+								"invalid PIN");
+
 		pin = npin;
 	}
 	dbus_message_append_args(reply, DBUS_TYPE_STRING, &pin,