diff --git a/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp b/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp
index f0614dcf2d274501fd37080746032c47b51c4206..d6ad98d38f7e6b73383c8a02f3875f0c3346ca17 100644
--- a/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp
+++ b/services/implementation/src/dependency/hichain/hichain_auth_connector.cpp
@@ -23,6 +23,7 @@ namespace OHOS {
 namespace DistributedHardware {
 
 std::shared_ptr<IDmDeviceAuthCallback> HiChainAuthConnector::dmDeviceAuthCallback_ = nullptr;
+const int32_t MAX_HICHAIN_MSG_LEN = 2000;
 
 HiChainAuthConnector::HiChainAuthConnector()
 {
@@ -83,6 +84,10 @@ int32_t HiChainAuthConnector::ProcessAuthData(int64_t requestId, std::string aut
  
 bool HiChainAuthConnector::onTransmit(int64_t requestId, const uint8_t *data, uint32_t dataLen)
 {
+    if (data == nullptr || dataLen > MAX_HICHAIN_MSG_LEN) {
+        LOGE("received invaild data value.");
+        return false;
+    }
     LOGI("AuthDevice onTransmit, requestId %{public}" PRId64, requestId);
     if (dmDeviceAuthCallback_ == nullptr) {
         LOGE("HiChainAuthConnector::onTransmit dmDeviceAuthCallback_ is nullptr.");
@@ -143,6 +148,10 @@ void HiChainAuthConnector::onError(int64_t requestId, int operationCode, int err
 
 void HiChainAuthConnector::onSessionKeyReturned(int64_t requestId, const uint8_t *sessionKey, uint32_t sessionKeyLen)
 {
+    if (sessionKey == nullptr || sessionKeyLen > MAX_HICHAIN_MSG_LEN) {
+        LOGE("received invaild sessionKey value.");
+        return;
+    }
     LOGI("HiChainAuthConnector::onSessionKeyReturned start.");
     if (dmDeviceAuthCallback_ == nullptr) {
         LOGE("HiChainAuthConnector::onSessionKeyReturned dmDeviceAuthCallback_ is nullptr.");
diff --git a/services/implementation/src/dependency/hichain/hichain_connector.cpp b/services/implementation/src/dependency/hichain/hichain_connector.cpp
index c1b4f837b384cf583a772ce52ddea0cf05c3bb72..b472f979306d5b157e4568ce85c7d635de18b804 100644
--- a/services/implementation/src/dependency/hichain/hichain_connector.cpp
+++ b/services/implementation/src/dependency/hichain/hichain_connector.cpp
@@ -1120,6 +1120,7 @@ int32_t HiChainConnector::GetRelatedGroupsCommon(const std::string &deviceId, co
         deviceGroupManager_->getRelatedGroups(userId, pkgName, deviceId.c_str(), &returnGroups, &groupNum);
     if (ret != 0) {
         LOGE("[HICHAIN] fail to get related groups with ret:%{public}d.", ret);
+        deviceGroupManager_->destroyInfo(&returnGroups);
         return ERR_DM_FAILED;
     }
     if (returnGroups == nullptr) {
@@ -1131,6 +1132,7 @@ int32_t HiChainConnector::GetRelatedGroupsCommon(const std::string &deviceId, co
         return ERR_DM_FAILED;
     }
     std::string relatedGroups = std::string(returnGroups);
+    deviceGroupManager_->destroyInfo(&returnGroups);
     nlohmann::json jsonObject = nlohmann::json::parse(relatedGroups, nullptr, false);
     if (jsonObject.is_discarded()) {
         LOGE("returnGroups parse error");
@@ -1181,8 +1183,7 @@ int32_t HiChainConnector::GetRelatedGroupsCommon(int32_t userId, const std::stri
         deviceGroupManager_->getRelatedGroups(userId, pkgName, deviceId.c_str(), &returnGroups, &groupNum);
     if (ret != 0) {
         LOGE("[HICHAIN] fail to get related groups with ret:%{public}d.", ret);
-        delete[] returnGroups;
-        returnGroups = nullptr;
+        deviceGroupManager_->destroyInfo(&returnGroups);
         return ERR_DM_FAILED;
     }
     if (returnGroups == nullptr) {
@@ -1191,13 +1192,11 @@ int32_t HiChainConnector::GetRelatedGroupsCommon(int32_t userId, const std::stri
     }
     if (groupNum == 0) {
         LOGE("[HICHAIN]return related goups number is zero.");
-        delete[] returnGroups;
-        returnGroups = nullptr;
+        deviceGroupManager_->destroyInfo(&returnGroups);
         return ERR_DM_FAILED;
     }
     std::string relatedGroups = std::string(returnGroups);
-    delete[] returnGroups;
-    returnGroups = nullptr;
+    deviceGroupManager_->destroyInfo(&returnGroups);
     nlohmann::json jsonObject = nlohmann::json::parse(relatedGroups, nullptr, false);
     if (jsonObject.is_discarded()) {
         LOGE("returnGroups parse error");