From 087fba94bb47e4bf8571f266e04f1c88007e8cb6 Mon Sep 17 00:00:00 2001
From: Yosuke Shimizu <yosuke@wolfssl.com>
Date: Tue, 24 Mar 2026 10:29:20 +0900
Subject: [PATCH 1/2] Fix f_404

---
 apps/wolfsshd/auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
index 2fe00049b..8fba01e92 100644
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -946,7 +946,7 @@ static int SetupUserTokenWin(const char* usr,
 
             /* write domain name after the user name in buffer */
             l->DomainName.Length = (USHORT)(wcslen(dmW) * sizeof(wchar_t));
-            l->DomainName.MaximumLength = l->UserPrincipalName.Length;
+            l->DomainName.MaximumLength = l->DomainName.Length;
             l->DomainName.Buffer = (WCHAR*)((byte*)(l->UserPrincipalName.Buffer) + l->UserPrincipalName.Length);
             memcpy_s(l->DomainName.Buffer, l->DomainName.Length, dmW, l->DomainName.Length);
         }

From d0aad2be694770be7119fd1d09e3cee0eba67218 Mon Sep 17 00:00:00 2001
From: Yosuke Shimizu <yosuke@wolfssl.com>
Date: Tue, 24 Mar 2026 11:00:33 +0900
Subject: [PATCH 2/2] Fix f_405

---
 apps/wolfsshd/auth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
index 8fba01e92..8a7eaebee 100644
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -787,9 +787,9 @@ static int CheckPasswordWIN(const char* usr, const byte* pw, word32 pwSz, WOLFSS
 
     ret = WSSHD_AUTH_SUCCESS;
 
-    usrWSz = WSTRLEN(usr) * sizeof(WCHAR);
+    usrWSz = WSTRLEN(usr);
 
-    usrW = (WCHAR*)WMALLOC((usrWSz * sizeof(WCHAR)) + sizeof(WCHAR), authCtx->heap, DYNTYPE_SSHD);
+    usrW = (WCHAR*)WMALLOC((usrWSz + 1) * sizeof(WCHAR), authCtx->heap, DYNTYPE_SSHD);
     if (usrW == NULL) {
         wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Ran out of memory");
         ret = WSSHD_AUTH_FAILURE;
@@ -797,7 +797,7 @@ static int CheckPasswordWIN(const char* usr, const byte* pw, word32 pwSz, WOLFSS
 
     if (ret == WSSHD_AUTH_SUCCESS) {
         size_t wr = 0;
-        if (mbstowcs_s(&wr, usrW, usrWSz, usr, usrWSz-1) != 0) {
+        if (mbstowcs_s(&wr, usrW, usrWSz + 1, usr, usrWSz) != 0) {
             ret = WSSHD_AUTH_FAILURE;
         }
     }