diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 8d15f7314..d19526724 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -731,8 +731,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
 
 	if(topazmode)
 		c.arg[0] |= ISO14A_TOPAZMODE;
-		
+			
 	// Max buffer is USB_CMD_DATA_SIZE
+	datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
+		
     c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
     memcpy(c.d.asBytes,data,datalen);
 
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index b2d5494fb..272f1ade2 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -2027,7 +2027,10 @@ int CmdHF14AMfSniff(const char *Cmd){
 			uint16_t traceLen = resp.arg[1];
 			len = resp.arg[2];
 
-			if (res == 0) return 0;						// we are done
+			if (res == 0) {
+				free(buf);
+				return 0;						// we are done
+			}
 
 			if (res == 1) {								// there is (more) data to be transferred
 				if (pckNum == 0) {						// first packet, (re)allocate necessary buffer