diff --git a/examples/ocsp_responder/ocsp_responder.c b/examples/ocsp_responder/ocsp_responder.c
index f31d535e6ea..dcf9658a710 100644
--- a/examples/ocsp_responder/ocsp_responder.c
+++ b/examples/ocsp_responder/ocsp_responder.c
@@ -177,6 +177,16 @@ static int LoadFile(const char* filename, byte** buf, word32* bufSz, int* isPem)
 
     /* Check if PEM format by looking for -----BEGIN */
     if (isPem) {
+        /* Reallocate with space for null terminator for XSTRSTR */
+        byte* tmp = (byte*)XREALLOC(*buf, (word32)sz + 1, NULL,
+                                    DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            XFREE(*buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            *buf = NULL;
+            return MEMORY_E;
+        }
+        *buf = tmp;
+        (*buf)[sz] = '\0';
         *isPem = (XSTRSTR((char*)*buf, "-----BEGIN") != NULL) ? 1 : 0;
     }
 
@@ -749,6 +759,9 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
     opts.sendCerts = 1;
     opts.readyFile = NULL;
 
+    /* Initialize caCert */
+    XMEMSET(&caCert, 0, sizeof(caCert));
+
     /* Parse command line arguments */
     while ((ch = mygetopt_long(argc, argv, "?p:c:r:k:i:R:n:vx",
                                long_options, 0)) != -1) {
@@ -848,7 +861,6 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
     }
 
     /* Parse CA certificate to get subject */
-    XMEMSET(&caCert, 0, sizeof(caCert));
     wc_InitDecodedCert(&caCert, caCertDer, caCertDerSz, NULL);
     ret = wc_ParseCert(&caCert, CERT_TYPE, 0, NULL);
     if (ret != 0) {
diff --git a/src/ssl_api_pk.c b/src/ssl_api_pk.c
index e068e5e31c2..c35d9155549 100644
--- a/src/ssl_api_pk.c
+++ b/src/ssl_api_pk.c
@@ -226,7 +226,6 @@ static int check_cert_key(const DerBuffer* cert, const DerBuffer* key,
         InitDecodedCert_ex(der, cert->buffer, cert->length, heap, devId);
         /* Parse certificate. */
         if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
-            WC_FREE_VAR_EX(der, heap, DYNAMIC_TYPE_DCERT);
             ret = 0;
         }
      }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2451b8624e0..b164679ec82 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18027,10 +18027,13 @@ static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
     word32 algoSz = 0;
 
     CALLOC_ASNSETDATA(dataASN, algoIdASN_Length, ret, NULL);
+
+#ifdef WOLFSSL_SMALL_STACK
     if(ret < 0) {
         /* Catch MEMORY_E */
         return 0;
     }
+#endif
 
     algoName = OidFromId((word32)algoOID, (word32)type, &algoSz);
     if (algoName == NULL) {