diff --git a/extensions/libxt_pknock.c b/extensions/libxt_pknock.c
index 1e768b8..b3b6c5f 100644
--- a/extensions/libxt_pknock.c
+++ b/extensions/libxt_pknock.c
@@ -150,8 +150,8 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
 xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
- memset(info->rule_name, 0, XT_PKNOCK_MAX_BUF_LEN + 1);
- strncpy(info->rule_name, optarg, XT_PKNOCK_MAX_BUF_LEN);
+ memset(info->rule_name, 0, sizeof(info->rule_name));
+ strncpy(info->rule_name, optarg, sizeof(info->rule_name) - 1);
 info->rule_name_len = strlen(info->rule_name);
 info->option |= XT_PKNOCK_NAME;
@@ -168,8 +168,8 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
 xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
- memset(info->open_secret, 0, XT_PKNOCK_MAX_PASSWD_LEN + 1);
- strncpy(info->open_secret, optarg, XT_PKNOCK_MAX_PASSWD_LEN);
+ memset(info->open_secret, 0, sizeof(info->open_secret));
+ strncpy(info->open_secret, optarg, sizeof(info->open_secret) - 1);
 info->open_secret_len = strlen(info->open_secret);
 info->option |= XT_PKNOCK_OPENSECRET;
@@ -183,8 +183,8 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
 xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
- memset(info->close_secret, 0, XT_PKNOCK_MAX_PASSWD_LEN + 1);
- strncpy(info->close_secret, optarg, XT_PKNOCK_MAX_PASSWD_LEN);
+ memset(info->close_secret, 0, sizeof(info->close_secret));
+ strncpy(info->close_secret, optarg, sizeof(info->close_secret) - 1);
 info->close_secret_len = strlen(info->close_secret);
 info->option |= XT_PKNOCK_CLOSESECRET;
diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 8d0b392..6c5cd62 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
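Review bot: An over-long rule name is still silently truncated by the new `strncpy(info->rule_name, optarg, sizeof(info->rule_name) - 1)`, so two distinct names that share a long prefix are stored as the same rule. The same applies to the `open_secret` and `close_secret` copies in the hunks at -168 and -183, where truncation quietly shortens the secret the operator believes is in force. Rejecting the argument before the copy makes the limit visible, for example `if (strlen(optarg) >= sizeof(info->rule_name)) xtables_error(PARAMETER_PROBLEM, "pknock: rule name too long");`. The `sizeof` form also relies on these members being arrays rather than pointers; their declaration is not part of this diff, and `__pknock_parse` starts and ends outside the hunks.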
@@ -452,7 +452,7 @@ add_rule(struct xt_pknock_mtinfo *info)
 INIT_LIST_HEAD(&rule->head);
- memset(rule->rule_name, 0, XT_PKNOCK_MAX_BUF_LEN + 1);
+ memset(rule->rule_name, 0, sizeof(rule->rule_name));
 strncpy(rule->rule_name, info->rule_name, info->rule_name_len);
 rule->rule_name_len = info->rule_name_len;
@@ -769,7 +769,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 return false;
 }
- memset(result, 0, 64);
+ memset(result, 0, sizeof(result));
 memset(hexresult, 0, hexa_size);
 epoch_min = get_epoch_minute();
@@ -788,7 +788,8 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 * 4 bytes IP (32 bits) +
 * 4 bytes int epoch_min (32 bits)
 */
- ret = crypto_hash_digest(&crypto.desc, sg, 8, result);
+ ret = crypto_hash_digest(&crypto.desc, sg,
+ sizeof(ipsrc) + sizeof(epoch_min), result);
 if (ret != 0) {
 printk("crypto_hash_digest() failed ret=%d\n", ret);
 goto out;
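Review bot: The `strncpy` directly after the changed `memset` in `add_rule` is still bounded by `info->rule_name_len`, a length field that arrives in the match info filled by the userspace parser, not by the size of `rule->rule_name`. `strncpy` writes exactly that many bytes (zero-padding when the source is shorter), so a length larger than the destination writes past the buffer in kernel memory unless a check outside this hunk already rejects it. Bounding by the destination closes that: `strncpy(rule->rule_name, info->rule_name, sizeof(rule->rule_name) - 1);` followed by `rule->rule_name_len = strlen(rule->rule_name);`. `add_rule` starts and ends outside the hunk, so any earlier validation of the length is not visible here.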
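Review bot: The digest length in the new `crypto_hash_digest()` call now follows the declared types of `ipsrc` and `epoch_min`, while the comment above it and the previous literal fix the input at 8 bytes, and the scatterlist `sg` it has to match is built outside the hunk. `ipsrc` is `uint32_t` per the signature, but the type of `epoch_min` is not visible; if it were ever wider than 32 bits the hashed length would change silently and no longer agree with what `sg` describes. A compile-time guard next to the call would pin the assumption: `BUILD_BUG_ON(sizeof(ipsrc) + sizeof(epoch_min) != 8);`. `has_secret` starts and ends outside the hunk.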