diff --git a/components/bl602/bl602_wifidrv/bl60x_wifi_driver/wifi_mgmr_profile.c b/components/bl602/bl602_wifidrv/bl60x_wifi_driver/wifi_mgmr_profile.c
index aa4965b07..c889f66ec 100644
--- a/components/bl602/bl602_wifidrv/bl60x_wifi_driver/wifi_mgmr_profile.c
+++ b/components/bl602/bl602_wifidrv/bl60x_wifi_driver/wifi_mgmr_profile.c
@@ -48,7 +48,7 @@ int wifi_mgmr_profile_add(wifi_mgmr_t *mgmr, wifi_mgmr_profile_msg_t *profile_ms
         for (i = 0; i < sizeof(mgmr->profiles)/sizeof(mgmr->profiles[0]); i++) {
             if (0 == mgmr->profiles[i].isUsed) {
                 profile = &(mgmr->profiles[i]);
-                
+
                 mgmr->profile_active_index = i;
                 os_printf("[WF][PF] Using free profile, idx is @%d\r\n", i);
                 break;
@@ -65,10 +65,10 @@ int wifi_mgmr_profile_add(wifi_mgmr_t *mgmr, wifi_mgmr_profile_msg_t *profile_ms
     profile->psk_len = profile_msg->psk_len;
     profile->pmk_len = profile_msg->pmk_len;
     profile->priority = 255;
-    memcpy(profile->ssid, profile_msg->ssid, sizeof(profile->ssid));
-    memcpy(profile->psk, profile_msg->psk, sizeof(profile->psk));
-    memcpy(profile->pmk, profile_msg->pmk, sizeof(profile->pmk));
-    memcpy(profile->mac, profile_msg->mac, sizeof(profile->mac));
+    memcpy(profile->ssid, profile_msg->ssid, sizeof(profile_msg->ssid));
+    memcpy(profile->psk, profile_msg->psk, sizeof(profile_msg->psk));
+    memcpy(profile->pmk, profile_msg->pmk, sizeof(profile_msg->pmk));
+    memcpy(profile->mac, profile_msg->mac, sizeof(profile_msg->mac));
     profile->dhcp_use = profile_msg->dhcp_use;
 
     return 0;
@@ -122,10 +122,10 @@ int wifi_mgmr_profile_get(wifi_mgmr_t *mgmr, wifi_mgmr_profile_msg_t *profile_ms
     profile_msg->psk_len = profile->psk_len;
     profile_msg->pmk_len = profile->pmk_len;
     profile_msg->dhcp_use = profile->dhcp_use;
-    memcpy(profile_msg->ssid, profile->ssid, sizeof(profile->ssid));
-    memcpy(profile_msg->psk, profile->psk, sizeof(profile->psk));
-    memcpy(profile_msg->pmk, profile->pmk, sizeof(profile->pmk));
-    memcpy(profile_msg->mac, profile->mac, sizeof(profile->mac));
+    memcpy(profile_msg->ssid, profile->ssid, sizeof(profile_msg->ssid));
+    memcpy(profile_msg->psk, profile->psk, sizeof(profile_msg->psk));
+    memcpy(profile_msg->pmk, profile->pmk, sizeof(profile_msg->pmk));
+    memcpy(profile_msg->mac, profile->mac, sizeof(profile_msg->mac));
 
     return 0;
 }
@@ -149,7 +149,7 @@ int wifi_mgmr_profile_autoreconnect_is_enabled(wifi_mgmr_t *mgmr, int index)
 {
 #if 0
     wifi_mgmr_profile_t *profile;
-    
+
     profile = __lookup_profile(mgmr, index);
     if (NULL == profile) {
         return -1;
diff --git a/components/network/ble/blemesh/src/crypto.c b/components/network/ble/blemesh/src/crypto.c
index 4a99e4d6d..55d579ce9 100644
--- a/components/network/ble/blemesh/src/crypto.c
+++ b/components/network/ble/blemesh/src/crypto.c
@@ -213,7 +213,7 @@ static int bt_mesh_ccm_decrypt(const u8_t key[16], u8_t nonce[13],
 	size_t i, j;
 	int err;
 
-	if (msg_len < 1 || aad_len >= 0xff00) {
+	if (msg_len < 1 || aad_len >= 0xff00 || (aad_len && !aad)) {
 		return -EINVAL;
 	}
 
@@ -377,7 +377,7 @@ static int bt_mesh_ccm_encrypt(const u8_t key[16], u8_t nonce[13],
 	BT_DBG("aad_len %zu mic_size %zu", aad_len, mic_size);
 
 	/* Unsupported AAD size */
-	if (aad_len >= 0xff00) {
+	if (aad_len >= 0xff00 || (aad_len && !aad)) {
 		return -EINVAL;
 	}
 
diff --git a/components/security/mbedtls/src/ssl_cli.c b/components/security/mbedtls/src/ssl_cli.c
index 223823b3c..7a222e265 100644
--- a/components/security/mbedtls/src/ssl_cli.c
+++ b/components/security/mbedtls/src/ssl_cli.c
@@ -342,7 +342,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
 
     *olen = 6;
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -1217,7 +1217,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
         {
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
             ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif            
+#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
             ssl->handshake->ecjpake_ctx.point_format = p[0];
 #endif
@@ -1232,7 +1232,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
     return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2339,7 +2339,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
     {
-        size_t sig_len, hashlen;
+        size_t sig_len, hashlen = 0;
         unsigned char hash[64];
         mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
         mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
@@ -2726,7 +2726,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
 static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 {
     int ret;
-    size_t i, n;
+    size_t i = 0, n = 0;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
diff --git a/components/security/mbedtls/src/ssl_tls.c b/components/security/mbedtls/src/ssl_tls.c
index a16b62113..80b83a70d 100644
--- a/components/security/mbedtls/src/ssl_tls.c
+++ b/components/security/mbedtls/src/ssl_tls.c
@@ -488,8 +488,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
     unsigned char keyblk[256];
     unsigned char *key1;
     unsigned char *key2;
-    unsigned char *mac_enc;
-    unsigned char *mac_dec;
+    unsigned char *mac_enc = NULL;
+    unsigned char *mac_dec = NULL;
     size_t iv_copy_len;
     const mbedtls_cipher_info_t *cipher_info;
     const mbedtls_md_info_t *md_info;
@@ -817,7 +817,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
     if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
     {
-        if( transform->maclen > sizeof transform->mac_enc )
+        if( (transform->maclen > sizeof transform->mac_enc) || (!mac_enc) || (!mac_dec) )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -830,7 +830,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && mac_enc && mac_dec)
     {
         mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
         mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );