diff --git a/src/ssh.rs b/src/ssh.rs
index 3a6fe1f..a65a04c 100644
--- a/src/ssh.rs
+++ b/src/ssh.rs
@@ -347,6 +347,7 @@ pub fn parse_ssh_packet(i: &[u8]) -> IResult<&[u8], (SshPacket, &[u8])> {
 do_parse!(i,
 packet_length: be_u32 >>
 padding_length: be_u8 >>
+ error_if!(padding_length as u32 + 1 > packet_length, Err::Code(ErrorKind::Custom(128))) >>
 payload: flat_map!(
 take!(packet_length - padding_length as u32 - 1),
 switch!(be_u8,
diff --git a/src/tests.rs b/src/tests.rs
index 6362edd..45186a4 100644
--- a/src/tests.rs
+++ b/src/tests.rs
@@ -1,5 +1,5 @@
 // Public API tests
-use nom::IResult;
+use nom::{IResult,ErrorKind,Err};
 use super::ssh::*;
@@ -133,3 +133,11 @@ fn test_new_keys() {
 let res = parse_ssh_packet(&SERVER_NEW_KEYS);
 assert_eq!(res, expected);
 }
+
+#[test]
+fn test_invalid_packet0() {
+ let data = b"\x00\x00\x00\x00\x00\x00\x00\x00";
+ let expected = IResult::Error(Err::Code(ErrorKind::Custom(128)));
+ let res = parse_ssh_packet(data);
+ assert_eq!(res, expected);
+}
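Review bot: The new `error_if!` guard in `parse_ssh_packet` still admits `packet_length == padding_length + 1`, which makes `take!(packet_length - padding_length as u32 - 1)` yield an empty payload, so the `be_u8` message-type read inside `switch!` has no byte to consume. In a streaming parser that case probably surfaces as Incomplete rather than an error (worth confirming against the nom version in use), which would make a malformed packet look like a short read to the caller. Rejecting it in the same guard, `error_if!(padding_length as u32 + 2 > packet_length, Err::Code(ErrorKind::Custom(128)))`, closes that gap. A named constant in place of the bare `128` would also let callers match on the error without a magic number. The `do_parse!` body continues outside the hunk.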
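Review bot: `test_invalid_packet0` exercises only the all-zero header, so the boundary of the new length guard is not pinned by any test. A case where `packet_length` equals `padding_length + 1` (constructed sample: `b"\x00\x00\x00\x01\x00"`) would document what the parser returns for an empty payload. A second case with `padding_length` = 0xff against a small `packet_length` would show that the subtraction in `take!` cannot underflow. A short comment above the fixture, such as `// packet_length = 0, padding_length = 0: padding cannot fit in the packet`, would make the byte string self-explanatory.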