diff --git a/src/encrypt.c b/src/encrypt.c
index 86e6b2f1..c99c8100 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -1079,9 +1079,9 @@ char * ss_encrypt_all(int buf_size, char *plaintext, ssize_t *len, int method, i
             ss_onetimeauth(hash, plaintext, p_len, iv);
             if (buf_size < ONETIMEAUTH_BYTES + p_len) {
                 plaintext = realloc(plaintext, ONETIMEAUTH_BYTES + p_len);
-                memcpy(plaintext + p_len, hash, ONETIMEAUTH_BYTES);
-                p_len = c_len = p_len + ONETIMEAUTH_BYTES;
             }
+            memcpy(plaintext + p_len, hash, ONETIMEAUTH_BYTES);
+            p_len = c_len = p_len + ONETIMEAUTH_BYTES;
         }
 
         if (method >= SALSA20) {
diff --git a/src/udprelay.c b/src/udprelay.c
index 29e02ca7..812732a4 100644
--- a/src/udprelay.c
+++ b/src/udprelay.c
@@ -682,7 +682,9 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
     memmove(buf, buf + len, buf_len);
 #else
     // Construct packet
-    buf = realloc(buf, buf_len + 3);
+    if (BUF_SIZE < buf_len + 3) {
+        buf = realloc(buf, buf_len + 3);
+    }
     memmove(buf + 3, buf, buf_len);
     memset(buf, 0, 3);
     buf_len += 3;
@@ -703,7 +705,9 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
     }
 
     // Construct packet
-    buf = realloc(buf, buf_len + addr_header_len);
+    if (BUF_SIZE < buf_len + addr_header_len) {
+        buf = realloc(buf, buf_len + addr_header_len);
+    }
     memmove(buf + addr_header_len, buf, buf_len);
     memcpy(buf, addr_header, addr_header_len);
     buf_len += addr_header_len;
@@ -894,7 +898,9 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
     }
 
     // reconstruct the buffer
-    buf = realloc(buf, buf_len + addr_header_len);
+    if (BUF_SIZE < buf_len + addr_header_len) {
+        buf = realloc(buf, buf_len + addr_header_len);
+    }
     memmove(buf + addr_header_len, buf, buf_len);
     memcpy(buf, addr_header, addr_header_len);
     buf_len += addr_header_len;
@@ -950,7 +956,9 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
     addr_header_len += 2;
 
     // reconstruct the buffer
-    buf = realloc(buf, buf_len + addr_header_len);
+    if (BUF_SIZE < buf_len + addr_header_len) {
+        buf = realloc(buf, buf_len + addr_header_len);
+    }
     memmove(buf + addr_header_len, buf, buf_len);
     memcpy(buf, addr_header, addr_header_len);
     buf_len += addr_header_len;