diff --git a/audio/src/fetch/receive.rs b/audio/src/fetch/receive.rs
index 270a62c8..b3d97eb4 100644
--- a/audio/src/fetch/receive.rs
+++ b/audio/src/fetch/receive.rs
@@ -418,7 +418,7 @@ pub(super) async fn audio_file_fetch(
                         None => break,
                     }
                 }
-                data = file_data_rx.recv() => {
+            data = file_data_rx.recv() => {
                 match data {
                     Some(data) => {
                         if fetch.handle_file_data(data)? == ControlFlow::Break {
diff --git a/core/src/authentication.rs b/core/src/authentication.rs
index ad7cf331..a4d34e2b 100644
--- a/core/src/authentication.rs
+++ b/core/src/authentication.rs
@@ -15,6 +15,8 @@ use crate::{protocol::authentication::AuthenticationType, Error};
 pub enum AuthenticationError {
     #[error("unknown authentication type {0}")]
     AuthType(u32),
+    #[error("invalid key")]
+    Key,
 }
 
 impl From<AuthenticationError> for Error {
@@ -90,6 +92,10 @@ impl Credentials {
 
         let key = {
             let mut key = [0u8; 24];
+            if key.len() < 20 {
+                return Err(AuthenticationError::Key.into());
+            }
+
             pbkdf2::<Hmac<Sha1>>(&secret, username.as_bytes(), 0x100, &mut key[0..20]);
 
             let hash = &Sha1::digest(&key[..20]);
diff --git a/core/src/dealer/mod.rs b/core/src/dealer/mod.rs
index c1a9c94d..d598e6df 100644
--- a/core/src/dealer/mod.rs
+++ b/core/src/dealer/mod.rs
@@ -448,6 +448,7 @@ async fn connect(
                     e = keep_flushing(&mut ws_tx) => {
                         break Err(e)
                     }
+                    else => (),
                 }
             };
 
diff --git a/discovery/src/server.rs b/discovery/src/server.rs
index 74af6fa3..4a251ea5 100644
--- a/discovery/src/server.rs
+++ b/discovery/src/server.rs
@@ -107,9 +107,14 @@ impl RequestHandler {
         let client_key = base64::decode(client_key.as_bytes())?;
         let shared_key = self.keys.shared_secret(&client_key);
 
+        let encrypted_blob_len = encrypted_blob.len();
+        if encrypted_blob_len < 16 {
+            return Err(DiscoveryError::HmacError(encrypted_blob.to_vec()).into());
+        }
+
         let iv = &encrypted_blob[0..16];
-        let encrypted = &encrypted_blob[16..encrypted_blob.len() - 20];
-        let cksum = &encrypted_blob[encrypted_blob.len() - 20..encrypted_blob.len()];
+        let encrypted = &encrypted_blob[16..encrypted_blob_len - 20];
+        let cksum = &encrypted_blob[encrypted_blob_len - 20..encrypted_blob_len];
 
         let base_key = Sha1::digest(&shared_key);
         let base_key = &base_key[..16];