diff --git a/comms.c b/comms.c
index acb6073..f66ce53 100644
--- a/comms.c
+++ b/comms.c
@@ -98,6 +98,10 @@ _comms_process_session(struct comms_state *cs, struct comms_session *sess, struc
 
 	strobe_attach_buffer(&sess->cs_crypto, pbin.pkt, pbin.pktlen);
 
+	/* if the packet is too short, ignore */
+	if (pbin.pktlen < MAC_LEN)
+		goto badmsg;
+
 	cnt = strobe_get(&sess->cs_crypto, APP_CIPHERTEXT, buf, pbin.pktlen -
 	    MAC_LEN);
 	msglen = cnt;
diff --git a/lora.py b/lora.py
index 8c7b3e0..fed55a8 100644
--- a/lora.py
+++ b/lora.py
@@ -762,6 +762,12 @@ class TestLORANode(unittest.IsolatedAsyncioTestCase):
 
 		self.assertFalse(out)
 
+		# that varous short messages don't cause problems
+		for i in range(10):
+			out = lora_comms.comms_process_wrap(commstate, b'0' * i)
+
+			self.assertFalse(out)
+
 		# copy the crypto state
 		cstate = l.st.copy()