diff --git a/main/http.c b/main/http.c
index d7ec60a961ee2a3b8344068c71a20f9a89e5a9e0..5d0b89e0ca321363344e41356c16692e44e0e364 100644
--- a/main/http.c
+++ b/main/http.c
@@ -1740,13 +1740,21 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
 
 remaining_headers = MAX_HTTP_REQUEST_HEADERS;
 for (;;) {
+ ssize_t len;
 char *name;
 char *value;
 
- if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+ len = ast_iostream_gets(ser->stream, header_line, sizeof(header_line));
+ if (len <= 0) {
 ast_http_error(ser, 400, "Bad Request", "Timeout");
 return -1;
 }
+ if (header_line[len - 1] != '\n') {
+ /* We didn't get a full line */
+ ast_http_error(ser, 400, "Bad Request",
+ (len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+ return -1;
+ }
 
 /* Trim trailing characters */
 ast_trim_blanks(header_line);
@@ -1815,9 +1823,11 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
 struct http_worker_private_data *request;
 enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 int res;
+ ssize_t len;
 char request_line[MAX_HTTP_LINE_LENGTH];
 
- if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
+ len = ast_iostream_gets(ser->stream, request_line, sizeof(request_line));
+ if (len <= 0) {
 return -1;
 }
 
@@ -1825,6 +1835,13 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
 request = ser->private_data;
 http_request_tracking_init(request);
 
+ if (request_line[len - 1] != '\n') {
+ /* We didn't get a full line */
+ ast_http_error(ser, 400, "Bad Request",
+ (len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
+ return -1;
+ }
+
 /* Get method */
 method = ast_skip_blanks(request_line);
 uri = ast_skip_nonblanks(method);
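Review bot: The new "too long" classification, `(len == sizeof(header_line) - 1)`, compares a signed ssize_t with a size_t, which -Wsign-compare flags; len is known to be positive from the guard two lines above, so make that explicit with `((size_t)len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout"`. The classification also presumes that ast_iostream_gets() fills the buffer to exactly sizeof - 1 when a line does not fit, a contract that is not visible in this hunk; a one-line comment such as `/* ast_iostream_gets() returns sizeof - 1 when the line overflowed the buffer -- confirm against iostream.c */` would stop a later maintainer from weakening the check. Rejecting an overlong line outright rather than letting the remainder be read as the next header is the right defensive choice, since a silently split line could otherwise be parsed as a second, attacker-controlled header. The same sign-compare point applies to the request-line check in the third hunk. The body of http_request_headers_get continues outside this hunk.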
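Review bot: The partial-line check on request_line sits after http_request_tracking_init() rather than directly after the read that produced len in the preceding hunk, and nothing in the code says whether that ordering matters; if ast_http_error() relies on the tracking state being initialised, record it with `/* NOTE: keep after http_request_tracking_init(); ast_http_error() presumably needs the request state -- confirm */` so the check is not hoisted later. The "Timeout" text is also reached when the peer closes the connection after sending a partial line, so operators reading the 400 body may misattribute the cause; a neutral `"Incomplete request line"` would avoid that, if the wording is not relied on elsewhere. The body of httpd_process_request continues past the end of this hunk.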