diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go
index b32eda96f..0000875e7 100644
--- a/pkg/sentry/socket/epsocket/epsocket.go
+++ b/pkg/sentry/socket/epsocket/epsocket.go
@@ -150,6 +150,9 @@ func GetAddress(sfamily int, addr []byte) (tcpip.FullAddress, *syserr.Error) {
 	switch family {
 	case linux.AF_UNIX:
 		path := addr[2:]
+		if len(path) > linux.UnixPathMax {
+			return tcpip.FullAddress{}, syserr.ErrInvalidArgument
+		}
 		// Drop the terminating NUL (if one exists) and everything after it.
 		// Skip the first byte, which is NUL for abstract paths.
 		if len(path) > 1 {