diff -urp audit-2.6.5.orig/audisp/audispd.c audit-2.6.5/audisp/audispd.c
--- audit-2.6.5.orig/audisp/audispd.c	2016-07-08 12:17:53.000000000 -0400
+++ audit-2.6.5/audisp/audispd.c	2016-07-08 17:11:18.659015835 -0400
@@ -825,13 +825,25 @@ static void process_inbound_event(int fd
 
 	if (rc > 0) {
 		/* Sanity check */
-		if (!(e->hdr.ver == AUDISP_PROTOCOL_VER || 
-				e->hdr.ver == AUDISP_PROTOCOL_VER2) ||
-				e->hdr.hlen != sizeof(e->hdr) ||
-				e->hdr.size > MAX_AUDIT_MESSAGE_LENGTH) {
+		if ((e->hdr.ver != AUDISP_PROTOCOL_VER &&
+				e->hdr.ver != AUDISP_PROTOCOL_VER2)) {
+			syslog(LOG_ERR,
+				"Unknown dispatcher protocol %u, exiting",
+					e->hdr.ver);
 			free(e);
+			exit(1);
+		}
+		if (e->hdr.hlen != sizeof(e->hdr)) {
 			syslog(LOG_ERR,
-				"Dispatcher protocol mismatch, exiting");
+				    "Header length mismatch %u %lu, exiting",
+					e->hdr.hlen, sizeof(e->hdr));
+			free(e);
+			exit(1);
+		}
+		if (e->hdr.size > MAX_AUDIT_MESSAGE_LENGTH) {
+			syslog(LOG_ERR,	"Header size mismatch %d, exiting",
+					e->hdr.size);
+			free(e);
 			exit(1);
 		}
 
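Review bot: The new header-length message passes `sizeof(e->hdr)` to `%lu`, but `sizeof` yields a `size_t`, so the conversion is wrong on any build where `size_t` is not `unsigned long` (typically 32-bit); `"Header length mismatch %u %zu, exiting"` matches the argument. The size message prints `e->hdr.size` with `%d`; the field's declaration is not visible here, but if it is unsigned, an oversized value that trips this check can be logged as a negative number, and `%u` would keep the log faithful to what arrived. Nothing in the hunk shows that `rc` covers a complete header before these fields are read; process_inbound_event begins outside the hunk, so that is worth confirming there.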
diff -urp audit-2.6.5.orig/src/auditd-dispatch.c audit-2.6.5/src/auditd-dispatch.c
--- audit-2.6.5.orig/src/auditd-dispatch.c	2016-07-08 12:17:53.000000000 -0400
+++ audit-2.6.5/src/auditd-dispatch.c	2016-07-08 17:00:58.081896384 -0400
@@ -183,17 +183,19 @@ int dispatch_event(const struct audit_re
 	hdr.ver = protocol_ver;
 	hdr.hlen = sizeof(struct audit_dispatcher_header);
 	hdr.type = rep->type;
-	hdr.size = rep->len;
 
 	vec[0].iov_base = (void*)&hdr;
 	vec[0].iov_len = sizeof(hdr);
 	if (protocol_ver == AUDISP_PROTOCOL_VER) {
+		hdr.size = rep->msg.nlh.nlmsg_len;
 		vec[1].iov_base = (void*)rep->message;
 		vec[1].iov_len = rep->msg.nlh.nlmsg_len;
-	} else {
+	} else if (protocol_ver == AUDISP_PROTOCOL_VER2) {
+		hdr.size = rep->len;
 		vec[1].iov_base = (void*)rep->msg.data;
 		vec[1].iov_len = rep->len;
-	}
+	} else
+		return 0;
 
 	do {
 		rc = writev(disp_pipe[1], vec, 2);
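Review bot: The new final `else return 0;` drops the event without any log entry when `protocol_ver` is neither known value, and it returns 0, which callers may well read as success (the return convention of dispatch_event is not visible in this hunk). For an audit pipeline a silent drop is a gap worth making visible; consider logging before returning, e.g. `syslog(LOG_WARNING, "Unknown dispatcher protocol %u, event not dispatched", protocol_ver);` (adjust the conversion to the variable's actual type, and rate-limit it if this path can repeat per event). Bracing the last branch like the two above it would also keep the chain uniform.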