diff --git a/src/sip/msg.c b/src/sip/msg.c
index ee28dbf..1af13b1 100644
--- a/src/sip/msg.c
+++ b/src/sip/msg.c
@@ -20,6 +20,7 @@
 
 enum {
 	HDR_HASH_SIZE = 32,
+	STARTLINE_MAX = 8192,
 };
 
 
@@ -266,7 +267,7 @@ int sip_msg_decode(struct sip_msg **msgp, struct mbuf *mb)
 
 	if (re_regex(p, l, "[^ \t\r\n]+ [^ \t\r\n]+ [^\r\n]*[\r]*[\n]1",
 		     &x, &y, &z, NULL, &e) || x.p != (char *)mbuf_buf(mb))
-		return EBADMSG;
+		return (l > STARTLINE_MAX) ? EBADMSG : ENODATA;
 
 	msg = mem_zalloc(sizeof(*msg), destructor);
 	if (!msg)
diff --git a/src/sip/transp.c b/src/sip/transp.c
index a38bdf2..7572145 100644
--- a/src/sip/transp.c
+++ b/src/sip/transp.c
@@ -26,6 +26,7 @@ enum {
 	TCP_ACCEPT_TIMEOUT    = 32,
 	TCP_KEEPALIVE_TIMEOUT = 10,
 	TCP_KEEPALIVE_INTVAL  = 120,
+	TCP_BUFSIZE_MAX       = 65536,
 };
 
 
@@ -339,6 +340,11 @@ static void tcp_recv_handler(struct mbuf *mb, void *arg)
 			goto out;
 
 		conn->mb->pos = pos;
+
+		if (mbuf_get_left(conn->mb) > TCP_BUFSIZE_MAX) {
+			err = EOVERFLOW;
+			goto out;
+		}
 	}
 	else {
 		conn->mb = mem_ref(mb);
@@ -414,7 +420,7 @@ static void tcp_recv_handler(struct mbuf *mb, void *arg)
 		sip_recv(conn->sip, msg);
 		mem_deref(msg);
 
-		if (end == conn->mb->end) {
+		if (end <= conn->mb->end) {
 			conn->mb = mem_deref(conn->mb);
 			break;
 		}