diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c
index b3c20873a..45015336b 100644
--- a/src/eap_server/eap_server_identity.c
+++ b/src/eap_server/eap_server_identity.c
@@ -120,9 +120,9 @@ static void eap_identity_process(struct eap_sm *sm, void *priv,
 		return; /* Should not happen - frame already validated */
 
 	wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len);
-	buf = os_malloc(len * 3 + 1);
+	buf = os_malloc(len * 4 + 1);
 	if (buf) {
-		printf_encode(buf, len * 3 + 1, pos, len);
+		printf_encode(buf, len * 4 + 1, pos, len);
 		eap_log_msg(sm, "EAP-Response/Identity '%s'", buf);
 		os_free(buf);
 	}
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 790c71950..0eb7908f3 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -330,9 +330,9 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 	wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
 	wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
 
-	buf = os_malloc(name_len * 3 + 1);
+	buf = os_malloc(name_len * 4 + 1);
 	if (buf) {
-		printf_encode(buf, name_len * 3 + 1, name, name_len);
+		printf_encode(buf, name_len * 4 + 1, name, name_len);
 		eap_log_msg(sm, "EAP-MSCHAPV2 Name '%s'", buf);
 		os_free(buf);
 	}
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c
index 24225a45a..d09a76933 100644
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -985,9 +985,9 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 
 	if (parse.user_name) {
 		char *nbuf;
-		nbuf = os_malloc(parse.user_name_len * 3 + 1);
+		nbuf = os_malloc(parse.user_name_len * 4 + 1);
 		if (nbuf) {
-			printf_encode(nbuf, parse.user_name_len * 3 + 1,
+			printf_encode(nbuf, parse.user_name_len * 4 + 1,
 				      parse.user_name,
 				      parse.user_name_len);
 			eap_log_msg(sm, "TTLS-User-Name '%s'", nbuf);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 78c996146..c35ba557a 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -639,12 +639,12 @@ radius_server_get_new_session(struct radius_server_data *data,
 	sess->accept_attr = tmp.accept_attr;
 	sess->macacl = tmp.macacl;
 
-	sess->username = os_malloc(user_len * 2 + 1);
+	sess->username = os_malloc(user_len * 4 + 1);
 	if (sess->username == NULL) {
 		radius_server_session_free(data, sess);
 		return NULL;
 	}
-	printf_encode(sess->username, user_len * 2 + 1, user, user_len);
+	printf_encode(sess->username, user_len * 4 + 1, user, user_len);
 
 	sess->nas_ip = os_strdup(from_addr);
 	if (sess->nas_ip == NULL) {