diff --git a/cmdmon.c b/cmdmon.c
index 37f0d3d..2f354e3 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1644,6 +1644,9 @@ read_from_cmd_socket(void *anything)
     return;
   }
 
+  if (from_length > sizeof (where_from))
+    LOG_FATAL(LOGF_CmdMon, "Truncated source address");
+
   read_length = status;
 
   LCL_ReadRawTime(&now);
diff --git a/ntp_io.c b/ntp_io.c
index 72f6a66..d691735 100644
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -481,6 +481,9 @@ read_from_socket(void *anything)
      reponse on a subsequent recvfrom). */
 
   if (status > 0) {
+    if (msg.msg_namelen > sizeof (where_from))
+      LOG_FATAL(LOGF_NtpIO, "Truncated source address");
+
     switch (where_from.u.sa_family) {
       case AF_INET:
         remote_addr.ip_addr.family = IPADDR_INET4;