diff --git a/ChangeLog b/ChangeLog
index a28fa8b5b..eb9a6ebea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,8 @@
    - jolan@cvs.openbsd.org 2007/05/17 23:53:41
      [sshconnect2.c]
      djm owes me a vb and a tism cd for breaking ssh compilation
+ - (dtucker) [auth-pam.c] malloc+memset -> calloc.  Patch from
+   ldv at altlinux.org.
 
 20070509
  - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
@@ -2936,4 +2938,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4668 2007/05/20 05:11:33 dtucker Exp $
+$Id: ChangeLog,v 1.4669 2007/05/20 05:20:08 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index c08d47229..bfd8f3270 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -686,8 +686,7 @@ sshpam_init_ctx(Authctxt *authctxt)
 		return (NULL);
 	}
 
-	ctxt = xmalloc(sizeof *ctxt);
-	memset(ctxt, 0, sizeof(*ctxt));
+	ctxt = xcalloc(1, sizeof *ctxt);
 
 	/* Start the authentication thread */
 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
@@ -1130,9 +1129,8 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
 	if (n <= 0 || n > PAM_MAX_NUM_MSG)
 		return (PAM_CONV_ERR);
 
-	if ((reply = malloc(n * sizeof(*reply))) == NULL)
+	if ((reply = calloc(n, sizeof(*reply))) == NULL)
 		return (PAM_CONV_ERR);
-	memset(reply, 0, n * sizeof(*reply));
 
 	for (i = 0; i < n; ++i) {
 		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {