diff --git a/src/internal.c b/src/internal.c
index 438f1ba64..2f0abe9ce 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -825,8 +825,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 #ifndef NO_PSK
 ssl->arrays.client_identity[0] = 0;
- if (ctx->server_hint[0]) /* set in CTX */
+ if (ctx->server_hint[0]) { /* set in CTX */
+ XMEMSET(ssl->arrays.server_hint, 0, MAX_PSK_ID_LEN);
 XSTRNCPY(ssl->arrays.server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
+ }
 else
 ssl->arrays.server_hint[0] = 0;
 #endif /* NO_PSK */
@@ -1624,10 +1626,14 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 ssl->options.havePeerCert = 1;
 /* set X509 format */
 #ifdef OPENSSL_EXTRA
- ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
 XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
- ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
+ ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
+ ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
+
 XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
+ ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
+ ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
+
 XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
 ssl->peerCert.serialSz = dCert.serialSz;
 if (dCert.subjectCNLen < ASN_NAME_MAX) {
diff --git a/src/ssl.c b/src/ssl.c
index c8e6120fb..505c010d7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1111,8 +1111,9 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
 #ifdef USE_WINDOWS_API
 WIN32_FIND_DATAA FindFileData;
 HANDLE hFind;
+ char name[MAX_FILENAME_SZ];
- char name[MAX_FILENAME_SZ];
+ XMEMSET(name, 0, sizeof(name));
 XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
 XSTRNCAT(name, "\\*", 3);
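Review bot: In the InitSSL hunk the added XMEMSET does not by itself guarantee that `ssl->arrays.server_hint` ends up terminated, because the XSTRNCPY that follows may still write all MAX_PSK_ID_LEN bytes when the source has no NUL within that length. The copy is safe only while `ctx->server_hint` is always terminated by its setter, which this commit arranges in ssl.c but which nothing here checks. XSTRNCPY already zero-pads short strings, so the clear is also redundant; using the same pattern as the setters makes the guarantee local: drop the XMEMSET and add `ssl->arrays.server_hint[MAX_PSK_ID_LEN - 1] = '\0';` after the copy. This assumes both arrays are declared with MAX_PSK_ID_LEN elements, which the hunk does not show.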
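Review bot: In the DoCertificate hunk `issuer.sz` and `subject.sz` are still computed from the untruncated `dCert.issuer` and `dCert.subject`, so for a peer certificate whose name is ASN_NAME_MAX characters or longer the stored size is larger than what `name` holds after the added terminator. Any consumer that treats `sz` as the length of `name` would then read past the buffer with peer-controlled data; whether the decoded names can be that long is not visible here, so this needs confirming against the decoder. Deriving the size from the copied string keeps the two fields consistent: `ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;` and the same for `subject`. The enclosing function starts and ends outside the hunk.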
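Review bot: Both directory branches of CyaSSL_CTX_load_verify_locations (this USE_WINDOWS_API hunk and the `entry->d_type & DT_REG` hunk at -1145) now always yield a terminated `name`, but a `path` or `d_name` that does not fit is still cut short silently and the shortened string is used. For a CA directory that means trust anchors may be looked up under a different name than the caller supplied, or the load fails with an unrelated error. A length check before building the name, such as `if (XSTRLEN(path) > MAX_FILENAME_SZ - 4)` followed by the function's existing error return, would turn truncation into an explicit failure; the POSIX branch needs the matching check on `path` plus `entry->d_name`. The function body continues outside both hunks, so an earlier check on `path` may already exist there.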
@@ -1145,6 +1146,7 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
 if (entry->d_type & DT_REG) {
 char name[MAX_FILENAME_SZ];
+ XMEMSET(name, 0, sizeof(name));
 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
 XSTRNCAT(name, "/", 1);
 XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
@@ -2649,8 +2651,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
 CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");
 if (hint == 0)
 ctx->server_hint[0] = 0;
- else
+ else {
 XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
+ ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
+ }
 return SSL_SUCCESS;
 }
@@ -2660,8 +2664,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
 CYASSL_ENTER("SSL_use_psk_identity_hint");
 if (hint == 0)
 ssl->arrays.server_hint[0] = 0;
- else
+ else {
 XSTRNCPY(ssl->arrays.server_hint, hint, MAX_PSK_ID_LEN);
+ ssl->arrays.server_hint[MAX_PSK_ID_LEN - 1] = '\0';
+ }
 return SSL_SUCCESS;
 }
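Review bot: The `else` branch in both PSK hint setters (the hunk at -2649 and the one at -2660) still returns SSL_SUCCESS when `hint` is MAX_PSK_ID_LEN characters or longer and has just been cut short by the added terminator. The application then believes its identity hint is configured while the peer receives a different string, which is likely to show up later as a hard-to-diagnose PSK lookup or handshake failure. Rejecting the input up front would surface it, for example `if (XSTRLEN(hint) >= MAX_PSK_ID_LEN)` returning the API's failure value before the copy; at minimum the truncation deserves a comment at the copy and a note in the function documentation. The function signatures are outside the hunks, so the setter names here are inferred from the CYASSL_ENTER strings rather than from the hunk headers.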