diff --git a/lib/package_unpack.c b/lib/package_unpack.c index 1d446a8f..1d205210 100644 --- a/lib/package_unpack.c +++ b/lib/package_unpack.c @@ -24,14 +24,16 @@ */ #include -#include + +#include +#include +#include +#include #include +#include #include #include -#include -#include #include -#include #include "xbps_api_impl.h" @@ -467,10 +469,11 @@ unpack_archive(struct xbps_handle *xhp, int HIDDEN xbps_unpack_binary_pkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) { + char bpkg[PATH_MAX]; struct archive *ar = NULL; struct stat st; const char *pkgver; - char *bpkg = NULL; + ssize_t l; int pkg_fd = -1, rv = 0; mode_t myumask; @@ -479,19 +482,17 @@ xbps_unpack_binary_pkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) xbps_dictionary_get_cstring_nocopy(pkg_repod, "pkgver", &pkgver); xbps_set_cb_state(xhp, XBPS_STATE_UNPACK, 0, pkgver, NULL); - bpkg = xbps_repository_pkg_path(xhp, pkg_repod); - if (bpkg == NULL) { + l = xbps_pkg_path(xhp, bpkg, sizeof(bpkg), pkg_repod); + if (l < 0) { xbps_set_cb_state(xhp, XBPS_STATE_UNPACK_FAIL, errno, pkgver, "%s: [unpack] cannot determine binary package " - "file for `%s': %s", pkgver, bpkg, strerror(errno)); - return errno; + "file: %s", pkgver, strerror(errno)); + return -l; } - if ((ar = archive_read_new()) == NULL) { - free(bpkg); + if ((ar = archive_read_new()) == NULL) return ENOMEM; - } /* * Enable support for tar format and some compression methods. */ @@ -574,8 +575,6 @@ xbps_unpack_binary_pkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) close(pkg_fd); if (ar != NULL) archive_read_free(ar); - if (bpkg) - free(bpkg); /* restore */ umask(myumask); diff --git a/lib/transaction_fetch.c b/lib/transaction_fetch.c index 4cbe288e..22182e16 100644 --- a/lib/transaction_fetch.c +++ b/lib/transaction_fetch.c 
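Review bot: In the `l < 0` branch of xbps_unpack_binary_pkg the failure is reported from `errno` (the xbps_set_cb_state argument and `strerror(errno)`) while the function returns `-l`, so the logged cause and the returned code can disagree. This assumes xbps_pkg_path reports its error through the return value, which the `return -l` suggests but the diff does not show. If so, pass `(int)-l` to xbps_set_cb_state and end the message with `"file: %s", pkgver, strerror((int)-l));`. Please also confirm that a path longer than `sizeof(bpkg)` yields a negative return rather than a silently truncated string. The same `l < 0` test is the only guard in verify_binpkg and internalize_binpkg, and a truncated path would be opened as if it were the intended package file.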
@@ -36,18 +36,19 @@ static int verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd) { + char binfile[PATH_MAX]; struct xbps_repo *repo; const char *pkgver, *repoloc, *sha256; - char *binfile; + ssize_t l; int rv = 0; xbps_dictionary_get_cstring_nocopy(pkgd, "repository", &repoloc); xbps_dictionary_get_cstring_nocopy(pkgd, "pkgver", &pkgver); - binfile = xbps_repository_pkg_path(xhp, pkgd); - if (binfile == NULL) { - return ENOMEM; - } + l = xbps_pkg_path(xhp, binfile, sizeof(binfile), pkgd); + if (l < 0) + return -l; + /* * For pkgs in local repos check the sha256 hash. * For pkgs in remote repos check the RSA signature. @@ -56,7 +57,7 @@ verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd) rv = errno; xbps_dbg_printf("%s: failed to get repository " "%s: %s\n", pkgver, repoloc, strerror(errno)); - goto out; + return rv; } if (repo->is_remote) { /* remote repo */ @@ -64,17 +65,15 @@ verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd) "%s: verifying RSA signature...", pkgver); if (!xbps_verify_file_signature(repo, binfile)) { - char *sigfile; rv = EPERM; xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver, "%s: the RSA signature is not valid!", pkgver); xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver, "%s: removed pkg archive and its signature.", pkgver); (void)remove(binfile); - sigfile = xbps_xasprintf("%s.sig2", binfile); - (void)remove(sigfile); - free(sigfile); - goto out; + if (xbps_strlcat(binfile, ".sig2", sizeof(binfile)) < sizeof(binfile)) + (void)remove(binfile); + return rv; } } else { /* local repo */ @@ -84,13 +83,12 @@ verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd) if ((rv = xbps_file_sha256_check(binfile, sha256)) != 0) { xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver, "%s: SHA256 hash is not valid: %s", pkgver, strerror(rv)); - goto out; + return rv; } } -out: - free(binfile); - return rv; + + return 0; } static int 
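Review bot: On the signature-failure path of verify_binpkg the `.sig2` file is skipped without a trace when `xbps_strlcat` reports truncation, and both `remove()` results are discarded, yet the callback has already announced "removed pkg archive and its signature." An archive that failed RSA verification and could not be deleted then stays in the cache with nothing recorded. Consider logging the failure, e.g. `if (remove(binfile) == -1 && errno != ENOENT) xbps_dbg_printf("%s: failed to remove %s: %s\n", pkgver, binfile, strerror(errno));`, and emitting the "removed" state only after the removals succeed. Appending to `binfile` in place is safe only because this branch returns immediately afterwards; a one-line comment such as `/* binfile is reused for the signature path; do not use it after this point */` would protect later edits.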
diff --git a/lib/transaction_internalize.c b/lib/transaction_internalize.c index 7b37ea6b..1db75e08 100644 --- a/lib/transaction_internalize.c +++ b/lib/transaction_internalize.c @@ -24,6 +24,7 @@ */ #include #include +#include #include #include @@ -69,13 +70,14 @@ internalize_script(xbps_dictionary_t pkg_repod, const char *script, static int internalize_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) { + char pkgfile[PATH_MAX]; xbps_dictionary_t filesd = NULL, propsd = NULL; struct stat st; struct archive *ar = NULL; struct archive_entry *entry; const char *pkgver, *pkgname, *binpkg_pkgver; + ssize_t l; int pkg_fd = -1; - char *pkgfile; int rv = 0; xbps_dictionary_get_cstring_nocopy(pkg_repod, "pkgver", &pkgver); @@ -83,14 +85,12 @@ internalize_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) xbps_dictionary_get_cstring_nocopy(pkg_repod, "pkgname", &pkgname); assert(pkgname); - pkgfile = xbps_repository_pkg_path(xhp, pkg_repod); - if (pkgfile == NULL) - return -errno; + l = xbps_pkg_path(xhp, pkgfile, sizeof(pkgfile), pkg_repod); + if (l < 0) + return l; - if ((ar = archive_read_new()) == NULL) { - free(pkgfile); + if ((ar = archive_read_new()) == NULL) return -errno; - } /* * Enable support for tar format and gzip/bzip2/lzma compression methods. @@ -193,7 +193,6 @@ internalize_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod) close(pkg_fd); if (ar != NULL) archive_read_free(ar); - free(pkgfile); return rv; }
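Review bot: The `archive_read_new()` failure in internalize_binpkg still returns `-errno`, which evaluates to 0 (success) if errno was not set, and libarchive does not document errno for this call. With `ar` NULL and a zero return the caller would treat the package as internalized. xbps_unpack_binary_pkg in this same commit returns a fixed ENOMEM for the same condition, so `return -ENOMEM;` would match it under this function's negative-errno convention. The function body continues outside the hunk.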