diff --git a/nfq/desync.c b/nfq/desync.c
index d421c63..534ff6e 100644
--- a/nfq/desync.c
+++ b/nfq/desync.c
@@ -1236,9 +1236,14 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
 if (!replay && !process_desync_interval(ctrack)) return verdict;
 uint32_t desync_fwmark = fwmark | params.desync_fwmark;
- ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
- if (ip6hdr) ttl_fake = params.desync_ttl6 ? params.desync_ttl6 : ttl_orig;
- else ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
+
+ if (ip6hdr) {
+ ttl_orig = ip ? ip->ip_ttl : ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;
+ ttl_fake = params.desync_ttl6 ? params.desync_ttl6 : ttl_orig;
+ } else {
+ ttl_orig = ip ? ip->ip_ttl : 0;
+ ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig;
+ }
 extract_endpoints(ip, ip6hdr, NULL, udphdr, &src, &dst);
 if (len_payload)
diff --git a/nfq/protocol.c b/nfq/protocol.c
index d513f25..04f8f04 100644
--- a/nfq/protocol.c
+++ b/nfq/protocol.c
@@ -277,7 +277,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
 // u16 data+0 - name list length
 // u8 data+2 - server name type. 0=host_name
 // u16 data+3 - server name length
- if (elen < 5 || ext[2] != 0) return false;
+ if (elen < 5 || (ext && ext[2] != 0)) return false;
 size_t slen = pntoh16(ext + 3);
 ext += 5; elen -= 5;
 if (slen < elen) return false;
diff --git a/tpws/protocol.c b/tpws/protocol.c
index be88068..7d3fb1c 100644
--- a/tpws/protocol.c
+++ b/tpws/protocol.c
@@ -267,7 +267,7 @@ static bool TLSExtractHostFromExt(const uint8_t *ext, size_t elen, char *host, s
 // u16 data+0 - name list length
 // u8 data+2 - server name type. 0=host_name
 // u16 data+3 - server name length
- if (elen < 5 || ext[2] != 0) return false;
+ if (elen < 5 || (ext && ext[2] != 0)) return false;
 size_t slen = pntoh16(ext + 3);
 ext += 5; elen -= 5;
 if (slen < elen) return false;
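Review bot: The new `else` branch in nfq/desync.c falls back to `ttl_orig = ip ? ip->ip_ttl : 0;` when both `ip` and `ip6hdr` are NULL, which hides an invalid state instead of rejecting it: `ttl_fake` can then be 0, and the same two pointers are passed to `extract_endpoints(ip, ip6hdr, ...)` on the next line. Whether that helper tolerates two NULL headers is not visible here, so an explicit guard before the branch, `if (!ip && !ip6hdr) return verdict;`, would be safer than a zero TTL. Inside the `if (ip6hdr)` branch the `ip ? ip->ip_ttl : ...` test still prefers the IPv4 TTL while `ttl_fake` uses `desync_ttl6`; if the two headers are mutually exclusive, `ttl_orig = ip6hdr->ip6_ctlun.ip6_un1.ip6_un1_hlim;` states that directly. The function body starts and ends outside the hunk.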
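Review bot: The added `ext &&` in `if (elen < 5 || (ext && ext[2] != 0)) return false;` (nfq/protocol.c) makes a NULL `ext` pass the check instead of failing it: with `ext == NULL` and `elen >= 5` the condition is false and the next line, `pntoh16(ext + 3)`, presumably reads through the null pointer. The guard should reject NULL first, `if (!ext || elen < 5 || ext[2] != 0) return false;`. The identical change in tpws/protocol.c has the same problem. Separately, the context line `if (slen < elen) return false;` does not reject `slen > elen`; if the code after the hunk reads `slen` bytes from `ext`, a malformed extension could cause an over-read, which is worth confirming. The function body continues outside the hunk.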