diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
index 2fe00049b..8a7eaebee 100644
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@@ -787,9 +787,9 @@ static int CheckPasswordWIN(const char* usr, const byte* pw, word32 pwSz, WOLFSS
 
     ret = WSSHD_AUTH_SUCCESS;
 
-    usrWSz = WSTRLEN(usr) * sizeof(WCHAR);
+    usrWSz = WSTRLEN(usr);
 
-    usrW = (WCHAR*)WMALLOC((usrWSz * sizeof(WCHAR)) + sizeof(WCHAR), authCtx->heap, DYNTYPE_SSHD);
+    usrW = (WCHAR*)WMALLOC((usrWSz + 1) * sizeof(WCHAR), authCtx->heap, DYNTYPE_SSHD);
     if (usrW == NULL) {
         wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Ran out of memory");
         ret = WSSHD_AUTH_FAILURE;
@@ -797,7 +797,7 @@ static int CheckPasswordWIN(const char* usr, const byte* pw, word32 pwSz, WOLFSS
 
     if (ret == WSSHD_AUTH_SUCCESS) {
         size_t wr = 0;
-        if (mbstowcs_s(&wr, usrW, usrWSz, usr, usrWSz-1) != 0) {
+        if (mbstowcs_s(&wr, usrW, usrWSz + 1, usr, usrWSz) != 0) {
             ret = WSSHD_AUTH_FAILURE;
         }
     }
@@ -946,7 +946,7 @@ static int SetupUserTokenWin(const char* usr,
 
             /* write domain name after the user name in buffer */
             l->DomainName.Length = (USHORT)(wcslen(dmW) * sizeof(wchar_t));
-            l->DomainName.MaximumLength = l->UserPrincipalName.Length;
+            l->DomainName.MaximumLength = l->DomainName.Length;
             l->DomainName.Buffer = (WCHAR*)((byte*)(l->UserPrincipalName.Buffer) + l->UserPrincipalName.Length);
             memcpy_s(l->DomainName.Buffer, l->DomainName.Length, dmW, l->DomainName.Length);
         }