diff --git a/src/internal.c b/src/internal.c
index 65f335c..06d7518 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4392,6 +4392,9 @@ int DoReceive(WOLFSSH* ssh)
 /* Peek at the packet_length field. */
 ato32(ssh->inputBuffer.buffer + ssh->inputBuffer.idx, &ssh->curSz);
+ if (ssh->curSz > MAX_PACKET_SZ - (word32)peerMacSz - LENGTH_SZ)
+ return WS_OVERFLOW_E;
+
 ssh->processReplyState = PROCESS_PACKET_FINISH;
 FALL_THROUGH;
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index cd4fbb6..7a806d7 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -130,6 +130,10 @@ enum {
 #ifndef DEFAULT_NEXT_CHANNEL
 #define DEFAULT_NEXT_CHANNEL 0
 #endif
+#ifndef MAX_PACKET_SZ
+ /* This is from RFC 4253 section 6.1. */
+ #define MAX_PACKET_SZ 35000
+#endif
 WOLFSSH_LOCAL byte NameToId(const char*, word32);
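Review bot: In the src/internal.c hunk the limit is computed as `MAX_PACKET_SZ - (word32)peerMacSz - LENGTH_SZ`, which is unsigned arithmetic, so a build that overrides the `#ifndef`-guarded MAX_PACKET_SZ with a value below `peerMacSz + LENGTH_SZ` wraps the limit to a very large number and the check never rejects anything. Keeping the subtraction on the side already known to be in range avoids this: `if (ssh->curSz > MAX_PACKET_SZ || (word32)peerMacSz + LENGTH_SZ > MAX_PACKET_SZ - ssh->curSz)`. The hunk bounds the peeked length only from above. DoReceive starts and continues outside the hunk, so it is not visible whether an undersized packet_length is rejected later, and that is worth confirming because the field is peer-supplied. A short comment above the check, for example `/* packet_length is peer-supplied; bound it before it is used. */`, would record why it sits ahead of the state change.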
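Review bot: The comment added with MAX_PACKET_SZ in wolfssh/internal.h cites the RFC but does not say which quantity the 35000 bounds, and the check in src/internal.c only makes sense once the reader knows it is the total packet size. RFC 4253 section 6.1 states the figure as the total including packet_length, padding_length, payload, padding and MAC, which is why the caller subtracts `peerMacSz` and `LENGTH_SZ`. Suggested wording: `/* Largest total packet (length field, padding, payload and MAC) that must be accepted, RFC 4253 section 6.1. */`.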