diff --git a/ospfd/ospf_api.c b/ospfd/ospf_api.c
index 74a49e3..fae942e 100644
--- a/ospfd/ospf_api.c
+++ b/ospfd/ospf_api.c
@@ -472,6 +472,9 @@
   emsg->filter.typemask = htons (filter->typemask);
   emsg->filter.origin = filter->origin;
   emsg->filter.num_areas = filter->num_areas;
+  if (len > sizeof (buf))
+    len = sizeof(buf);
+  /* API broken - missing memcpy to fill data */
   return msg_new (MSG_REGISTER_EVENT, emsg, seqnum, len);
 }
 
@@ -488,6 +491,9 @@
   smsg->filter.typemask = htons (filter->typemask);
   smsg->filter.origin = filter->origin;
   smsg->filter.num_areas = filter->num_areas;
+  if (len > sizeof (buf))
+    len = sizeof(buf);
+  /* API broken - missing memcpy to fill data */
   return msg_new (MSG_SYNC_LSDB, smsg, seqnum, len);
 }
 
@@ -501,13 +507,15 @@
   int omsglen;
   char buf[OSPF_API_MAX_MSG_SIZE];
 
-  omsglen = sizeof (struct msg_originate_request) - sizeof (struct lsa_header)
-    + ntohs (data->length);
-
   omsg = (struct msg_originate_request *) buf;
   omsg->ifaddr = ifaddr;
   omsg->area_id = area_id;
-  memcpy (&omsg->data, data, ntohs (data->length));
+
+  omsglen = ntohs (data->length);
+  if (omsglen > sizeof (buf) - offsetof (struct msg_originate_request, data))
+    omsglen = sizeof (buf) - offsetof (struct msg_originate_request, data);
+  memcpy (&omsg->data, data, omsglen);
+  omsglen += sizeof (struct msg_originate_request) - sizeof (struct lsa_header);
 
   return msg_new (MSG_ORIGINATE_REQUEST, omsg, seqnum, omsglen);
 }
@@ -627,13 +635,16 @@
   assert (data);
 
   nmsg = (struct msg_lsa_change_notify *) buf;
-  len = ntohs (data->length) + sizeof (struct msg_lsa_change_notify)
-    - sizeof (struct lsa_header);
   nmsg->ifaddr = ifaddr;
   nmsg->area_id = area_id;
   nmsg->is_self_originated = is_self_originated;
   memset (&nmsg->pad, 0, sizeof (nmsg->pad));
-  memcpy (&nmsg->data, data, ntohs (data->length));
+
+  len = ntohs (data->length);
+  if (len > sizeof (buf) - offsetof (struct msg_lsa_change_notify, data))
+    len = sizeof (buf) - offsetof (struct msg_lsa_change_notify, data);
+  memcpy (&nmsg->data, data, len);
+  len += sizeof (struct msg_lsa_change_notify) - sizeof (struct lsa_header);
 
   return msg_new (msgtype, nmsg, seqnum, len);
 }