diff --git a/src/MSEHandshake.cc b/src/MSEHandshake.cc
index d073381a..0b01cbc5 100644
--- a/src/MSEHandshake.cc
+++ b/src/MSEHandshake.cc
@@ -490,7 +490,9 @@ bool MSEHandshake::receiveReceiverIALength()
 return false;
 }
 iaLength_ = decodeLength16(rbuf_);
- // TODO limit iaLength \19...+handshake
+ if(iaLength_ > BtHandshakeMessage::MESSAGE_LENGTH) {
+ throw DL_ABORT_EX(fmt("Too large IA length length: %u", iaLength_));
+ }
 A2_LOG_DEBUG(fmt("CUID#%lld - len(IA)=%u.", cuid_, iaLength_));
 // shift rbuf_
 shiftBuffer(2);
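Review bot: The abort message on the added `throw` line reads "Too large IA length length" with the word doubled, and unlike the `A2_LOG_DEBUG` call right after it, it carries no CUID, which makes a rejected peer harder to trace in logs; `throw DL_ABORT_EX(fmt("CUID#%lld - Too large IA length: %u", cuid_, iaLength_));` would match the neighbouring line. Because the debug log sits after the check, an oversized value is only visible through the exception text. The removed TODO was the only explanation of the bound, so a short comment above the `if` would help, e.g. `// len(IA) comes from the peer; reject anything larger than a BitTorrent handshake`. The cap also assumes IA never legitimately carries more than the handshake itself, which cannot be confirmed from this hunk; receiveReceiverIALength() starts and ends outside it.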