diff --git a/licence.c b/licence.c
index 0c6e1ec..618b71e 100644
--- a/licence.c
+++ b/licence.c
@@ -21,7 +21,7 @@
 #include "rdesktop.h"
 #include "ssl.h"
 
-extern char g_username[64];
+extern char *g_username;
 extern char g_hostname[16];
 
 static uint8 g_licence_key[16];
diff --git a/rdesktop.c b/rdesktop.c
index 93798cc..e8c632c 100644
--- a/rdesktop.c
+++ b/rdesktop.c
@@ -48,7 +48,7 @@
 #include "ssl.h"
 
 char g_title[64] = "";
-char g_username[64];
+char *g_username;
 char g_hostname[16];
 char g_keymapname[PATH_MAX] = "";
 unsigned int g_keylayout = 0x409;	/* Defaults to US keyboard layout */
@@ -99,7 +99,7 @@ RD_BOOL g_redirect = False;
 char g_redirect_server[64];
 char g_redirect_domain[16];
 char g_redirect_password[64];
-char g_redirect_username[64];
+char *g_redirect_username;
 char g_redirect_cookie[128];
 uint32 g_redirect_flags = 0;
 
@@ -473,7 +473,8 @@ main(int argc, char *argv[])
 				break;
 
 			case 'u':
-				STRNCPY(g_username, optarg, sizeof(g_username));
+				g_username = (char *) xmalloc(strlen(optarg) + 1);
+				STRNCPY(g_username, optarg, strlen(optarg) + 1);
 				username_option = 1;
 				break;
 
@@ -846,8 +847,10 @@ main(int argc, char *argv[])
 			error("could not determine username, use -u\n");
 			return 1;
 		}
-
-		STRNCPY(g_username, pw->pw_name, sizeof(g_username));
+		/* +1 for trailing \0 */
+		int pwlen = strlen(pw->pw_name) + 1;
+		g_username = (char *) xmalloc(pwlen);
+		STRNCPY(g_username, pw->pw_name, pwlen);
 	}
 
 #ifdef HAVE_ICONV
@@ -962,6 +965,8 @@ main(int argc, char *argv[])
 			rdesktop_reset_state();
 
 			STRNCPY(domain, g_redirect_domain, sizeof(domain));
+			xfree(g_username);
+			g_username = (char *) xmalloc(strlen(g_redirect_username) + 1);
 			STRNCPY(g_username, g_redirect_username, sizeof(g_username));
 			STRNCPY(password, g_redirect_password, sizeof(password));
 			STRNCPY(server, g_redirect_server, sizeof(server));
@@ -1006,7 +1011,10 @@ main(int argc, char *argv[])
 	}
 
 #endif
+	if (g_redirect_username)
+		xfree(g_redirect_username);
 
+	xfree(g_username);
 }
 
 #ifdef EGD_SOCKET
diff --git a/rdp.c b/rdp.c
index a283397..b5ee4ed 100644
--- a/rdp.c
+++ b/rdp.c
@@ -36,7 +36,7 @@
 #endif
 
 extern uint16 g_mcs_userid;
-extern char g_username[64];
+extern char *g_username;
 extern char g_codepage[16];
 extern RD_BOOL g_bitmap_compression;
 extern RD_BOOL g_orders;
@@ -63,7 +63,7 @@ extern RD_BOOL g_redirect;
 extern char g_redirect_server[64];
 extern char g_redirect_domain[16];
 extern char g_redirect_password[64];
-extern char g_redirect_username[64];
+extern char *g_redirect_username;
 extern char g_redirect_cookie[128];
 extern uint32 g_redirect_flags;
 /* END Session Directory support */
@@ -1379,7 +1379,8 @@ process_redirect_pdu(STREAM s /*, uint32 * ext_disc_reason */ )
 	in_uint32_le(s, len);
 
 	/* read username string */
-	rdp_in_unistr(s, g_redirect_username, sizeof(g_redirect_username), len);
+	g_redirect_username = (char *) xmalloc(len + 1);
+	rdp_in_unistr(s, g_redirect_username, strlen(g_redirect_username), len);
 
 	/* read length of domain string */
 	in_uint32_le(s, len);