diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp
index 59ed93fc6ecf2ba8bf0f698236eada2e7cb42425..d486076012b0ace3b08e6c65fffc029576b9c92f 100755
--- a/src/daemon/daemon.cpp
+++ b/src/daemon/daemon.cpp
@@ -446,7 +446,8 @@ bool HdcDaemon::AlreadyInKnownHosts(const string& key)
     }
 
     std::string keys((std::istreambuf_iterator<char>(keyifs)), std::istreambuf_iterator<char>());
-    if (keys.find(key) != string::npos) {
+    const int keyLength = 625;
+    if (keys.find(key) != string::npos && key.size() == keyLength) {
         keyifs.close();
         return true;
     }
@@ -658,7 +659,9 @@ bool HdcDaemon::AuthVerifyRsa(HSession hSession, const string &encryptToken, con
     unsigned char decryptToken[BUF_SIZE_DEFAULT] = { 0 };
 
     // for rsa encrypt, the length of encryptToken can't bigger than BUF_SIZE_DEFAULT
-    if (encryptToken.length() > BUF_SIZE_DEFAULT2) {
+    const int scaleOfEncrypt = 4;
+    const int scaleOfDecode = 3;
+    if (encryptToken.length() > BUF_SIZE_DEFAULT / scaleOfDecode * scaleOfEncrypt) {
         WRITE_LOG(LOG_FATAL, "invalid encryptToken, length is %zd", encryptToken.length());
         return false;
     }
@@ -732,12 +735,14 @@ bool HdcDaemon::HandDaemonAuth(HSession hSession, const uint32_t channelId, Sess
 
     if (handshake.authType == AUTH_NONE) {
         return HandDaemonAuthInit(hSession, channelId, handshake);
-    } else if (handshake.authType == AUTH_PUBLICKEY) {
+    } else if (GetSessionAuthStatus(hSession->sessionId) == AUTH_NONE
+        && GetSessionAuthToken(hSession->sessionId).size() > 0
+        && handshake.authType == AUTH_PUBLICKEY) {
         return HandDaemonAuthPubkey(hSession, channelId, handshake);
-    } else if (handshake.authType == AUTH_SIGNATURE) {
+    } else if (GetSessionAuthStatus(hSession->sessionId) == AUTH_PUBLICKEY && handshake.authType == AUTH_SIGNATURE) {
         return HandDaemonAuthSignature(hSession, channelId, handshake);
 #ifdef HDC_SUPPORT_ENCRYPT_TCP
-    } else if (handshake.authType == AUTH_SSL_TLS_PSK) {
+    } else if (GetSessionAuthStatus(hSession->sessionId) == AUTH_PUBLICKEY && handshake.authType == AUTH_SSL_TLS_PSK) {
         return DaemonSSLHandshake(hSession, channelId, handshake);
 #endif
     } else {
@@ -996,7 +1001,7 @@ bool HdcDaemon::FetchCommand(HSession hSession, const uint32_t channelId, const
         }
         case CMD_KERNEL_CHANNEL_CLOSE: {  // Daemon is only cleaning up the Channel task
             ClearOwnTasks(hSession, channelId);
-            if (*payload != 0) {
+            if (payloadSize >= 1 & *payload != 0) {
                 --(*payload);
                 Send(hSession->sessionId, channelId, CMD_KERNEL_CHANNEL_CLOSE, payload, 1);
             }