diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index e91316abbe..0c96172be6 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -53,8 +53,9 @@ struct afs_pdata {
 static_inline int
 afs_pd_alloc(struct afs_pdata *apd, size_t size)
 {
-
- if (size > AFS_LRALLOCSIZ)
+ /* Ensure that we give caller at least one trailing guard byte
+ * for the NUL terminator. */
+ if (size >= AFS_LRALLOCSIZ)
 apd->ptr = osi_Alloc(size + 1);
 else
 apd->ptr = osi_AllocLargeSpace(AFS_LRALLOCSIZ);
@@ -62,11 +63,13 @@ afs_pd_alloc(struct afs_pdata *apd, size_t size)
 if (apd->ptr == NULL)
 return ENOMEM;
- if (size > AFS_LRALLOCSIZ)
+ /* Clear it all now, including the guard byte. */
+ if (size >= AFS_LRALLOCSIZ)
 memset(apd->ptr, 0, size + 1);
 else
 memset(apd->ptr, 0, AFS_LRALLOCSIZ);
+ /* Don't tell the caller about the guard byte. */
 apd->remaining = size;
 return 0;
@@ -78,7 +81,7 @@ afs_pd_free(struct afs_pdata *apd)
 if (apd->ptr == NULL)
 return;
- if (apd->remaining > AFS_LRALLOCSIZ)
+ if (apd->remaining >= AFS_LRALLOCSIZ)
 osi_Free(apd->ptr, apd->remaining + 1);
 else
 osi_FreeLargeSpace(apd->ptr);
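Review bot: In afs_pd_alloc (first and second hunks), `size + 1` is passed to both `osi_Alloc` and `memset` with no overflow check, so a `size` equal to the largest `size_t` value would wrap to a zero-byte request while `apd->remaining` is still set to the full `size`. Callers outside this diff may already bound `size`, but the allocator is the cheapest place to enforce it: add `if (size + 1 < size) return ENOMEM;` ahead of the first `if (size >= AFS_LRALLOCSIZ)`. The end of the function lies outside the hunks.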
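Review bot: afs_pd_free (third hunk) picks between `osi_Free` and `osi_FreeLargeSpace`, and derives the length given to `osi_Free`, from `apd->remaining`, so it is only correct while that field still holds the value afs_pd_alloc stored. Whether `remaining` is decremented elsewhere is not visible here; if it is, a struct that has been consumed would be released through the wrong allocator or with the wrong length. I would document the contract above the test: `/* apd must be the unmodified struct from afs_pd_alloc(): allocator and size are recovered from apd->remaining. */`. The `>= AFS_LRALLOCSIZ` threshold now appears three times across afs_pd_alloc and afs_pd_free and has to stay identical in all of them. The function starts and ends outside the hunk.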