diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap.c b/components/wpa_supplicant/src/eap_peer/eap_peap.c
index 0a9eb2df5b..e4dc7d37d6 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_peap.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c
@@ -1104,7 +1104,7 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 		}
 
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
-			char label[24];
+			char label[24] = {0};
 			wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS done, proceed to Phase 2");
 			os_free(data->key_data);
 			/* draft-josefsson-ppext-eap-tls-eap-05.txt
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
index 46b660d46c..6bb5bd87d2 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
@@ -136,6 +136,10 @@ static u8 *wpa3_build_sae_msg(u8 *bssid, u32 sae_msg_type, u32 *sae_msg_len)
 
     switch (sae_msg_type) {
         case SAE_MSG_COMMIT:
+            /* Do not go for SAE when WPS is ongoing */
+            if (esp_wifi_get_wps_status_internal() != WPS_STATUS_DISABLE) {
+                return NULL;
+            }
             if (ESP_OK != wpa3_build_sae_commit(bssid))
                 return NULL;
             *sae_msg_len = (u32)wpabuf_len(g_sae_commit);
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
index 92d348b449..dba71dbdd7 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
@@ -612,7 +612,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
             }
             esp_wifi_enable_sta_privacy_internal();
             os_memset(sm->config.ssid, 0, sizeof(sm->config.ssid));
-            strncpy((char *)sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
+            os_memcpy(sm->config.ssid, (char *)&scan->ssid[2], (int)scan->ssid[1]);
             if (scan->bssid && memcmp(sm->config.bssid, scan->bssid, ETH_ALEN) != 0) {
                 wpa_printf(MSG_INFO, "sm BSSid: "MACSTR " scan BSSID " MACSTR "\n",
                            MAC2STR(sm->config.bssid), MAC2STR(scan->bssid));
@@ -2133,7 +2133,7 @@ int wifi_wps_enable_internal(const esp_wps_config_t *config)
     ret = wifi_station_wps_init();
 
     if (ret != 0) {
-        wps_set_type(WPS_STATUS_DISABLE);
+        wps_set_type(WPS_TYPE_DISABLE);
         wps_set_status(WPS_STATUS_DISABLE);
         return ESP_FAIL;
     }
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index 5e3e363bb2..5e2c79888f 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2166,8 +2166,15 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
     if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
 	    is_wpa2_enterprise_connection()) {
         if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
-            pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
-            wpa_sm_set_pmk_from_pmksa(sm);
+            if (pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0) == 0) {
+                struct rsn_pmksa_cache_entry *pmksa = pmksa_cache_get_current(sm);
+                if (pmksa && (pmksa->akmp != sm->key_mgmt)) {
+                    pmksa_cache_clear_current(sm);
+                    pmksa_cache_flush(sm->pmksa, NULL, pmksa->pmk, pmksa->pmk_len);
+                }
+            } else {
+                wpa_sm_set_pmk_from_pmksa(sm);
+            }
         } else {
             struct rsn_pmksa_cache_entry *entry = NULL;