diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f3a3ab369..2c892fc99 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9153,8 +9153,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
     val = in[inIdx++];
 
     w = XSNPRINTF(out, outSz, "%u.%u", val / 40, val % 40);
-    if (w < 0)
+    if (w < 0) {
+        w = BUFFER_E;
         goto exit;
+    }
     outIdx += w;
     val = 0;
 
@@ -9169,8 +9171,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
             /* write val as text into out */
             val += in[inIdx];
             w = XSNPRINTF(out + outIdx, outSz - outIdx, ".%u", val);
-            if (w < 0)
+            if (w < 0 || (word32)w > outSz - outIdx) {
+                w = BUFFER_E;
                 goto exit;
+            }
             outIdx += w;
             val = 0;
         }
@@ -16023,7 +16027,7 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap)
                 oid[i++] = (byte) (((tb++) ? 0x80 : 0) | x);
             }
 
-            if ((idx+(word32)i) > *outSz) {
+            if ((idx+(word32)i) >= *outSz) {
                 XFREE(str, heap, DYNAMIC_TYPE_TMP_BUFFER);
                 return BUFFER_E;
             }