diff --git a/baselib/msglib/src/standard/messenger_device_session_manager.c b/baselib/msglib/src/standard/messenger_device_session_manager.c
index c2335f84db637a62fd5b6c6a60a7aa217682244e..a10d0497232e8736e66bffbf1cba1a39eb4e3340 100644
--- a/baselib/msglib/src/standard/messenger_device_session_manager.c
+++ b/baselib/msglib/src/standard/messenger_device_session_manager.c
@@ -27,6 +27,7 @@
 #include "utils_mutex.h"
 #define IS_SERVER 0
+#define MSG_BUFF_MAX_LENGTH (81920 * 4)
 static int MessengerOnSessionOpened(int sessionId, int result);
 static void MessengerOnSessionClosed(int sessionId);
@@ -250,6 +251,11 @@ static void MessengerOnSessionClosed(int sessionId)
 static void MessengerOnBytesReceived(int sessionId, const void *data, unsigned int dataLen)
 {
+ if (data == NULL || dataLen == 0 || dataLen > MSG_BUFF_MAX_LENGTH) {
+ SECURITY_LOG_ERROR("invalid msg received");
+ return;
+ }
+
 DeviceIdentify identity = {DEVICE_ID_MAX_LEN, {0}};
 uint32_t maskId;
 bool ret = GetDeviceIdentityFromSessionId(sessionId, &identity, &maskId);
@@ -432,7 +438,7 @@ static void CreateNewDeviceSession(const DeviceIdentify *devId)
 void MessengerSendMsgTo(uint64_t transNo, const DeviceIdentify *devId, const uint8_t *msg, uint32_t msgLen)
 {
- if (devId == NULL || msg == NULL || msgLen == 0) {
+ if (devId == NULL || msg == NULL || msgLen == 0 || msgLen > MSG_BUFF_MAX_LENGTH) {
 SECURITY_LOG_ERROR("invalid params");
 return;
 }
diff --git a/oem_property/ohos/impl/hks_adapter.c b/oem_property/ohos/impl/hks_adapter.c
index 8ea73836c88182e863562be7133ac4fb8266ce4e..1313ae510a542e1f2a7668e17d98e9123d215f3e 100644
--- a/oem_property/ohos/impl/hks_adapter.c
+++ b/oem_property/ohos/impl/hks_adapter.c
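Review bot: The rejection path added at the top of MessengerOnBytesReceived logs only `"invalid msg received"`, so a NULL payload, an empty one and an oversized one look identical in the log and the sending session is not recorded; the `msgLen > MSG_BUFF_MAX_LENGTH` case folded into `"invalid params"` in MessengerSendMsgTo has the same gap. If SECURITY_LOG_ERROR accepts printf-style arguments (its definition is not visible here), something like `SECURITY_LOG_ERROR("invalid msg received, sessionId=%d, dataLen=%u", sessionId, dataLen);` would let repeated oversized frames from one peer be spotted. MSG_BUFF_MAX_LENGTH should also carry a one-line comment stating that it is a byte count and why it is four times 81920. Both function bodies continue outside their hunks.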
@@ -107,6 +107,7 @@ int32_t ConstructHksCertChain(struct HksCertChain **certChain, const struct HksC
 (*certChain)->certs = (struct HksBlob *)MALLOC(sizeof(struct HksBlob) * ((*certChain)->certsCount));
 if ((*certChain)->certs == NULL) {
 FREE(*certChain);
+ *certChain = NULL;
 return ERR_NO_MEMORY;
 }
 for (uint32_t i = 0; i < (*certChain)->certsCount; i++) {
@@ -118,6 +119,7 @@ int32_t ConstructHksCertChain(struct HksCertChain **certChain, const struct HksC
 (*certChain)->certs[i].data = (uint8_t *)MALLOC((*certChain)->certs[i].size);
 if ((*certChain)->certs[i].data == NULL) {
 DestroyHksCertChain(*certChain);
+ *certChain = NULL;
 return ERR_NO_MEMORY;
 }
 (void)memset_s((*certChain)->certs[i].data, certChainParam->certDataSize, 0, certChainParam->certDataSize);
diff --git a/services/dslm/dslm_credential.c b/services/dslm/dslm_credential.c
index fdb88478d30e3346685c572bb4746f6c52c31b89..1ff2ef05574b711d25dd3ca95612b34dc8c1e683 100644
--- a/services/dslm/dslm_credential.c
+++ b/services/dslm/dslm_credential.c
@@ -23,6 +23,8 @@
 #include "utils_log.h"
 #include "utils_mem.h"
+#define MAX_CRED_LEN 81920
+
 static inline ProcessDslmCredFunctions *GetFunctionCb()
 {
 static ProcessDslmCredFunctions cb = {NULL, NULL, NULL, 0, {0}};
@@ -76,7 +78,7 @@ int32_t DefaultInitDslmCred(DslmCredInfo *credInfo)
 int32_t GetSupportedCredTypes(CredType *list, uint32_t len)
 {
- if ((list == NULL) || len == 0) {
+ if (list == NULL || len == 0) {
 return 0;
 }
 ProcessDslmCredFunctions *cb = GetFunctionCb();
@@ -92,9 +94,10 @@ int32_t GetSupportedCredTypes(CredType *list, uint32_t len)
 DslmCredBuff *CreateDslmCred(CredType type, uint32_t len, uint8_t *value)
 {
- if ((len == 0) || (value == NULL)) {
+ if (value == NULL || len == 0 || len > MAX_CRED_LEN) {
 return NULL;
 }
+
 DslmCredBuff *outBuff = (DslmCredBuff *)MALLOC(sizeof(DslmCredBuff));
 if (outBuff == NULL) {
 return NULL;
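Review bot: The allocation in the first context line, `MALLOC(sizeof(struct HksBlob) * ((*certChain)->certsCount))`, multiplies by certsCount with no visible upper bound or overflow check, and the new NULL reset does not cover that. Where certsCount is assigned lies outside the hunk, so it may already be validated. If it is not, a guard before the MALLOC such as `if ((*certChain)->certsCount == 0 || (*certChain)->certsCount > SIZE_MAX / sizeof(struct HksBlob))`, taking the same free-and-reset path, would keep the loop below from indexing past a short buffer on targets with a 32-bit size_t.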
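Review bot: The `memset_s` that follows the per-certificate allocation takes both its destination size and its count from `certChainParam->certDataSize`, while the buffer itself was allocated with `(*certChain)->certs[i].size`. The line that sets `size` is outside the hunk, so their equality cannot be confirmed here. Using the allocated size for both arguments ties the clear to the buffer: `(void)memset_s((*certChain)->certs[i].data, (*certChain)->certs[i].size, 0, (*certChain)->certs[i].size);`. It is also worth confirming that DestroyHksCertChain only ever sees NULL or valid `data` pointers for the entries after index i when it runs on this failure path.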
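Review bot: CreateDslmCred now returns NULL for `len > MAX_CRED_LEN` in the same silent way as for an allocation failure, so an oversized credential cannot be told apart from memory pressure when diagnosing a failed verification. A log line before the `return NULL;`, for example `SECURITY_LOG_ERROR("CreateDslmCred invalid params");` (assuming that macro comes from the already-included utils_log.h), would make the rejection visible. MAX_CRED_LEN also needs a comment giving its unit and how it relates to the `(81920 * 4)` message limit defined in messenger_device_session_manager.c, since the two constants are maintained in separate files. The function body continues past the end of the hunk.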
diff --git a/services/dslm/dslm_fsm_process.c b/services/dslm/dslm_fsm_process.c
index b9efd070b224d7583322c66dd6d64c9fa7530887..e43905c42f20d1a22578e8350c600bc08c0489a5 100644
--- a/services/dslm/dslm_fsm_process.c
+++ b/services/dslm/dslm_fsm_process.c
@@ -136,7 +136,7 @@ static bool CheckTimesAndSendCredRequest(DslmDeviceInfo *info, bool enforce)
 static void ProcessSendDeviceInfoCallback(DslmDeviceInfo *info, DslmInfoChecker checker)
 {
 #ifndef MAX_HISTORY_CNT
-#define MAX_HISTORY_CNT 30
+#define MAX_HISTORY_CNT 30U
 #endif
 if (info == NULL || checker == NULL) {
@@ -178,7 +178,7 @@ static bool CheckNeedToResend(const DslmDeviceInfo *info)
 if (info->lastOnlineTime < info->lastRequestTime) {
 return true;
 }
- if (info->lastOnlineTime - info->lastRequestTime > REQUEST_INTERVAL) {
+ if (info->lastOnlineTime - info->lastRequestTime > (uint64_t)REQUEST_INTERVAL) {
 return true;
 }
 return false;
@@ -350,7 +350,7 @@ static void RefreshNotifyList(DslmDeviceInfo *info)
 // just refresh the notify list size
 ListNode *node = NULL;
- int32_t size = 0;
+ uint32_t size = 0;
 FOREACH_LIST_NODE (node, &info->notifyList) {
 size++;
 }
@@ -370,11 +370,11 @@ static void RefreshHistoryList(DslmDeviceInfo *info)
 ListNode *node = NULL;
 ListNode *temp = NULL;
- int32_t historyCnt = 0;
+ uint32_t historyCnt = 0;
 FOREACH_LIST_NODE_SAFE (node, &info->historyList, temp) {
 historyCnt++;
 }
- int32_t delCnt = historyCnt > MAX_HISTORY_CNT ? (historyCnt - MAX_HISTORY_CNT) : 0;
+ uint32_t delCnt = historyCnt > MAX_HISTORY_CNT ? (historyCnt - MAX_HISTORY_CNT) : 0;
 info->historyListSize = historyCnt - delCnt;
diff --git a/test/dslm_unit_test/BUILD.gn b/test/dslm_unit_test/BUILD.gn
index ec9a8ae92eb5b49bfaeead855203996a9c4964b2..110684bdc267d688c570d556a61cb6d472736963 100644
--- a/test/dslm_unit_test/BUILD.gn
+++ b/test/dslm_unit_test/BUILD.gn
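Review bot: MAX_HISTORY_CNT is defined inside the body of ProcessSendDeviceInfoCallback but is the bound applied to `historyCnt` in RefreshHistoryList further down, so the limit on the history list is easy to overlook; moving the `#ifndef`/`#define` block to file scope would make it visible. Because of the `#ifndef` guard, a build that predefines the macro bypasses the new `30U`, and with `uint32_t historyCnt` a negative predefined value would convert to a very large unsigned limit so that nothing is ever trimmed. A comment on the macro such as `/* upper bound on retained history entries; must be a positive unsigned count */` would document that expectation.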
@@ -36,12 +36,13 @@ ohos_unittest("dslm_test") {
 include_dirs = [
 "//base/security/device_security_level/common/include",
 "//base/security/device_security_level/interfaces/inner_api/include",
+ "//base/security/device_security_level/interfaces/inner_api/src/standard",
 "//base/security/device_security_level/services/include",
 "//base/security/device_security_level/services/dslm",
 "//base/security/device_security_level/services/sa/common",
- "//base/security/device_security_level/baselib/msglib/include/",
- "//base/security/device_security_level/oem_property/common/",
- "//base/security/device_security_level/oem_property/ohos/impl/",
+ "//base/security/device_security_level/baselib/msglib/include",
+ "//base/security/device_security_level/oem_property/common",
+ "//base/security/device_security_level/oem_property/ohos/impl",
 ]
 configs = [ "//base/security/device_security_level/common:common_configs" ]
diff --git a/test/dslm_unit_test/dslm_oem_property_test.cpp b/test/dslm_unit_test/dslm_oem_property_test.cpp
index 397b1859b4e6f046f21d5532e77605d9ca53732c..614d543fa778275a2b4bb633fca3af78f82103d9 100644
--- a/test/dslm_unit_test/dslm_oem_property_test.cpp
+++ b/test/dslm_unit_test/dslm_oem_property_test.cpp
@@ -961,7 +961,7 @@ HWTEST_F(DslmOemPropertyTest, HksCertChainToBuffer_case1, TestSize.Level0)
 */
 HWTEST_F(DslmOemPropertyTest, DestroyHksCertChain_case1, TestSize.Level0)
 {
- struct HksCertChain *chain = (struct HksCertChain *)MALLOC(sizeof(struct HksCertChain *));
+ struct HksCertChain *chain = (struct HksCertChain *)MALLOC(sizeof(struct HksCertChain));
 ASSERT_NE(nullptr, chain);
 struct HksBlob *blob = (struct HksBlob *)MALLOC(sizeof(struct HksBlob));
 ASSERT_NE(nullptr, blob);
diff --git a/test/dslm_unit_test/dslm_test.cpp b/test/dslm_unit_test/dslm_test.cpp
index 49cc166c4dcbb9da9d9075c0c64dff3e4758172e..947dea42e55636727550c3f9abea7ff8df8e1099 100644
--- a/test/dslm_unit_test/dslm_test.cpp
+++ b/test/dslm_unit_test/dslm_test.cpp
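Review bot: The corrected allocation in DestroyHksCertChain_case1 still spells the type by hand, which is how `sizeof(struct HksCertChain *)` slipped in originally; `MALLOC(sizeof(*chain))` sizes the buffer from the variable and cannot drift from its type, and the same applies to the `blob` allocation two lines below. The old line allocated only pointer-sized storage for the struct, so running this test in a sanitizer-enabled build, if the project has one, would catch a recurrence. The rest of the test body is outside the hunk.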
@@ -29,6 +29,7 @@
 #include "device_security_defines.h"
 #include "device_security_info.h"
+#include "device_security_level_defines.h"
 #include "dslm_core_defines.h"
 #include "dslm_core_process.h"
 #include "dslm_credential.h"
@@ -761,7 +762,7 @@ HWTEST_F(DslmTest, OnRequestDeviceSecLevelInfo_case2, TestSize.Level0)
 HWTEST_F(DslmTest, OnRequestDeviceSecLevelInfo_case3, TestSize.Level0)
 {
- constexpr uint32_t MAX_NOTIFY_SIZE = 64;
+ constexpr uint32_t maxNotifySize = 64;
 const DeviceIdentify device = {DEVICE_ID_MAX_LEN, {'a'}};
 const RequestOption option = {
@@ -790,17 +791,17 @@ HWTEST_F(DslmTest, OnRequestDeviceSecLevelInfo_case3, TestSize.Level0)
 EXPECT_EQ(info->notifyListSize, 0U);
 DslmRequestCallbackMock callback;
- EXPECT_CALL(callback, RequestCallback(cookie, Ne(0U), Ne(nullptr))).Times(Exactly(MAX_NOTIFY_SIZE));
- for (uint32_t i = 1; i <= MAX_NOTIFY_SIZE; i++) {
+ EXPECT_CALL(callback, RequestCallback(cookie, Ne(0U), Ne(nullptr))).Times(Exactly(maxNotifySize));
+ for (uint32_t i = 1; i <= maxNotifySize; i++) {
 int32_t ret = OnRequestDeviceSecLevelInfo(&device, &option, 0, cookie, DslmRequestCallbackMock::MockedCallback);
 EXPECT_EQ(static_cast(ret), 0U);
 EXPECT_EQ(info->notifyListSize, i);
 EXPECT_EQ(info->historyListSize, 0U);
 }
- for (uint32_t i = 1; i <= MAX_NOTIFY_SIZE; i++) {
+ for (uint32_t i = 1; i <= maxNotifySize; i++) {
 int32_t ret = OnRequestDeviceSecLevelInfo(&device, &option, 0, cookie, DslmRequestCallbackMock::MockedCallback);
 EXPECT_EQ(static_cast(ret), ERR_SA_BUSY);
- EXPECT_EQ(info->notifyListSize, MAX_NOTIFY_SIZE);
+ EXPECT_EQ(info->notifyListSize, maxNotifySize);
 EXPECT_EQ(info->historyListSize, 0U);
 }
 mockMsg.MakeDeviceOffline(&device);
@@ -1466,6 +1467,49 @@ HWTEST_F(DslmTest, ReportHiEventAppInvoke_case1, TestSize.Level0)
 ReportHiEventInfoSync(&info);
 ReportHiEventAppInvoke(nullptr);
 }
+
+/**
+ * @tc.name: GetDeviceSecurityLevelValue_case1
+ * @tc.desc: function GetDeviceSecurityLevelValue with malformed inputs
+ * @tc.type: FUNC
+ * @tc.require: issueNumber
+ */
+HWTEST_F(DslmTest, GetDeviceSecurityLevelValue_case1, TestSize.Level0)
+{
+ int32_t ret;
+ int32_t level = 0;
+ DeviceSecurityInfo info = {.magicNum = 0xcd, .result = 0, .level = 0};
+
+ ret = GetDeviceSecurityLevelValue(nullptr, &level);
+ EXPECT_EQ(ERR_INVALID_PARA, ret);
+
+ ret = GetDeviceSecurityLevelValue(&info, nullptr);
+ EXPECT_EQ(ERR_INVALID_PARA, ret);
+}
+
+/**
+ * @tc.name: RequestDeviceSecurityInfoAsync_case1
+ * @tc.desc: function RequestDeviceSecurityInfoAsync with malformed inputs
+ * @tc.type: FUNC
+ * @tc.require: issueNumber
+ */
+HWTEST_F(DslmTest, RequestDeviceSecurityInfoAsync_case1, TestSize.Level0)
+{
+ int32_t ret;
+ const DeviceIdentify device = {DEVICE_ID_MAX_LEN, {'a', 'b', 'c', 'd', 'e', 'f', 'g'}};
+ RequestOption opt = {.challenge = 0xcd, .timeout = 400, .extra = 0};
+ auto callback = [](const DeviceIdentify *identify, struct DeviceSecurityInfo *info) { return; };
+
+ ret = RequestDeviceSecurityInfoAsync(nullptr, &opt, callback);
+ EXPECT_EQ(ERR_INVALID_PARA, ret);
+
+ ret = RequestDeviceSecurityInfoAsync(&device, &opt, nullptr);
+ EXPECT_EQ(ERR_INVALID_PARA, ret);
+
+ // malformed option->timeout > MAX_KEEP_LEN
+ ret = RequestDeviceSecurityInfoAsync(&device, &opt, callback);
+ EXPECT_EQ(ERR_INVALID_PARA, ret);
+}
 } // namespace DslmUnitTest
 } // namespace Security
 } // namespace OHOS
\ No newline at end of file
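Review bot: The third call in RequestDeviceSecurityInfoAsync_case1 depends on the initializer's `.timeout = 400` exceeding MAX_KEEP_LEN, a limit the comment names but the code never references. Setting `opt.timeout = MAX_KEEP_LEN + 1;` just before that call would keep the test meaningful if the limit changes, assuming the macro is reachable through the headers included in this file. The length limits this commit introduces in MessengerOnBytesReceived, MessengerSendMsgTo and CreateDslmCred have no test in this diff; a boundary case for CreateDslmCred with `len` at 81920 and at 81921, expecting a buffer and `nullptr` respectively, would pin the new check. Both new test headers also still carry the template placeholder `@tc.require: issueNumber`.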