diff -urN ../libspf2-d14abff.orig/src/libspf2/spf_compile.c ./src/libspf2/spf_compile.c
--- ../libspf2-d14abff.orig/src/libspf2/spf_compile.c	2023-10-04 19:34:06.000000000 +0300
+++ ./src/libspf2/spf_compile.c	2023-11-04 20:39:38.450948000 +0200
@@ -608,7 +608,7 @@
 
 		default:
 			if (spf_server->debug > 3)
-				SPF_debugf("Adding illegal %%-follower '%c' at %d",
+				SPF_debugf("Adding illegal %%-follower '%c' at %zu",
 				src[idx], idx);
 			/* SPF spec says to treat it as a literal, not
 			 * SPF_E_INVALID_ESC */
diff -urN ../libspf2-d14abff.orig/src/libspf2/spf_dns_cache.c ./src/libspf2/spf_dns_cache.c
--- ../libspf2-d14abff.orig/src/libspf2/spf_dns_cache.c	2023-10-04 19:34:06.000000000 +0300
+++ ./src/libspf2/spf_dns_cache.c	2023-11-04 20:38:37.786636000 +0200
@@ -327,7 +327,7 @@
 		char	*new_domain;
 		size_t	 new_len = strlen(domain) + 1;
 
-		if (cached_rr->domain_buf_len < new_len) {
+		if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
 			new_domain = realloc(cached_rr->domain, new_len);
 			if (new_domain == NULL)
 				return SPF_E_NO_MEMORY;
diff -urN ../libspf2-d14abff.orig/src/libspf2/spf_dns_resolv.c ./src/libspf2/spf_dns_resolv.c
--- ../libspf2-d14abff.orig/src/libspf2/spf_dns_resolv.c	2023-10-04 19:34:06.000000000 +0300
+++ ./src/libspf2/spf_dns_resolv.c	2023-11-04 20:37:52.311182000 +0200
@@ -268,7 +268,7 @@
 	}
 #endif
 
-	responselen = 2048;
+	responselen = 65536;
 	responsebuf = (u_char *)malloc(responselen);
 	if (! responsebuf)
 		return NULL;	/* NULL always means OOM from DNS lookup. */
@@ -319,23 +319,8 @@
 							domain, rr_type, 0, SPF_h_errno);
 		}
 		else if (dns_len > responselen) {
-			void	*tmp;
-			/* We managed a lookup but our buffer was too small. */
-			responselen = dns_len + (dns_len >> 1);
-#if 0
-			/* Sanity-trap - we should never hit this. */
-			if (responselen > 1048576) {	/* One megabyte. */
-				free(responsebuf);
-				return SPF_dns_rr_new_init(spf_dns_server,
-								domain, rr_type, 0, SPF_h_errno);
-			}
-#endif
-			tmp = realloc(responsebuf, responselen);
-			if (!tmp) {
-				free(responsebuf);
-				return NULL;
-			}
-			responsebuf = tmp;
+			free(responsebuf);
+			return NULL;
 		}
 		else {
 			/* We managed a lookup, and our buffer was large enough. */
diff -urN ../libspf2-d14abff.orig/src/libspf2/spf_get_exp.c ./src/libspf2/spf_get_exp.c
--- ../libspf2-d14abff.orig/src/libspf2/spf_get_exp.c	2023-10-04 19:34:06.000000000 +0300
+++ ./src/libspf2/spf_get_exp.c	2023-11-04 20:39:08.724021000 +0200
@@ -62,7 +62,7 @@
 	}
 	else {
 		size_t	len = sizeof(SPF_LAME_EXP) + 1;
-		if (*buflenp < len) {
+		if (*bufp == NULL || *buflenp < len) {
 			char	*tmp = realloc(*bufp, len);
 			if (tmp == NULL)
 				return SPF_E_NO_MEMORY;