diff --git a/agent/command.c b/agent/command.c
index 1f4fa9623..8ce7a15d3 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1144,10 +1144,11 @@ cmd_genkey (assuan_context_t ctx, char *line)
 
   /* First inquire the parameters */
   rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_KEYPARAM);
-  if (!rc)
-    rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
   if (rc)
-    return rc;
+    goto leave;
+  rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
+  if (rc)
+    goto leave;
 
   init_membuf (&outbuf, 512);
 
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 3da553f95..53c88154b 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -964,7 +964,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist,
 
       pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
       if (!pi)
-        return gpg_error_from_syserror ();
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
       pi->max_length = MAX_PASSPHRASE_LEN + 1;
       pi->min_digits = 0;  /* We want a real passphrase.  */
       pi->max_digits = 16;
diff --git a/agent/genkey.c b/agent/genkey.c
index 9b47f0fac..c7cfc6910 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -363,7 +363,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
   if (!pi2)
     {
       err = gpg_error_from_syserror ();
-      xfree (pi2);
+      xfree (pi);
       return err;
     }
   pi->max_length = MAX_PASSPHRASE_LEN + 1;
@@ -465,7 +465,10 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
                                         "protect your new key"),
                                      &passphrase_buffer);
       if (rc)
-        return rc;
+        {
+          gcry_sexp_release (s_keyparam);
+          return rc;
+        }
       passphrase = passphrase_buffer;
     }
 
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 7e46f98f7..b4ffe8e8b 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -3218,7 +3218,10 @@ check_own_socket (void)
 
   err = npth_attr_init (&tattr);
   if (err)
-    return;
+    {
+      xfree (sockname);
+      return;
+    }
   npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
   err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
   if (err)
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index 1fcbd119f..bb17033a8 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -319,6 +319,7 @@ read_key (const char *fname)
   if (buflen >= 4 && !memcmp (buf, "Key:", 4))
     {
       log_error ("Extended key format is not supported by this tool\n");
+      xfree (buf);
       return NULL;
     }
   key = make_canonical (fname, buf, buflen);
@@ -793,7 +794,10 @@ agent_askpin (ctrl_t ctrl,
   passphrase = get_passphrase (0);
   size = strlen (passphrase);
   if (size >= pininfo->max_length)
-    return gpg_error (GPG_ERR_TOO_LARGE);
+    {
+      xfree (passphrase);
+      return gpg_error (GPG_ERR_TOO_LARGE);
+    }
 
   memcpy (&pininfo->pin, passphrase, size);
   xfree (passphrase);
diff --git a/common/tlv-builder.c b/common/tlv-builder.c
index 3b644ca24..59e2691e0 100644
--- a/common/tlv-builder.c
+++ b/common/tlv-builder.c
@@ -350,6 +350,7 @@ get_tlv_length (int class, int tag, int constructed, size_t length)
 
   (void)constructed;  /* Not used, but passed for uniformity of such calls.  */
 
+  /* coverity[identical_branches] */
   if (tag < 0x1f)
     {
       buflen++;