diff --git a/src/parser_quic.cpp b/src/parser_quic.cpp
index de3b968..926e295 100644
--- a/src/parser_quic.cpp
+++ b/src/parser_quic.cpp
@@ -168,8 +168,8 @@ static void quic_decrypt_message(quic_pp_cipher *pp_cipher, const char *payload,
 // buffer_length = length - (header_length + 16);
 // buffer_length = 297 - (2 + 16);
 buffer_length = length - (pkn_len + 16);
- if (buffer_length == 0) {
- *error = (const guchar *)"Decryption not possible, ciphertext is too short";
+ if (buffer_length == 0 || buffer_length >1500) {
+ *error = (const guchar *)"Decryption not possible, ciphertext is too short or too long";
 return;
 }
 buffer = (guint8 *)g_malloc(buffer_length);
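Review bot: The new `buffer_length > 1500` bound still lets `buffer_length = length - (pkn_len + 16)` wrap when `length < pkn_len + 16`, and whether the wrapped value is then rejected depends on buffer_length's type, which the hunk does not show (an unsigned value wraps huge and trips the new check; a signed one goes negative, passes `== 0 || > 1500`, and reaches g_malloc). Test the precondition directly instead of the derived value, `if (length < pkn_len + 16 || length - (pkn_len + 16) > 1500) {`, which also makes the "too short" half of the new message true for short inputs rather than only for a zero-length ciphertext. The 1500 literal is a magic number that this commit also introduces in dissect_quic; give it one named constant (e.g. `QUIC_MAX_PAYLOAD_LEN`) with a comment saying it is an MTU-sized sanity cap, not a protocol limit. quic_decrypt_message begins before and continues after this hunk.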
@@ -765,23 +765,28 @@ int dissect_quic(const char *payload, unsigned int length, unsigned char *out, u
 // printf("%d\n", token_length);
 pn_offset += tvb_get_varint(payload, pn_offset, 8, &payload_length, ENC_VARINT_QUIC);
- // printf("%d\n", payload_length);
-
- // Assume failure unless proven otherwise.
- ciphers = &conn.client_initial_ciphers;
- error = "Header deprotection failed";
- if (quic_decrypt_header(payload, pn_offset, &ciphers->hp_cipher, GCRY_CIPHER_AES128, &first_byte, &pkn32))
- error = NULL;
- if (!error) {
- quic_set_full_packet_number(&conn, &quic_packet, from_server, first_byte, pkn32);
- quic_packet.first_byte = first_byte;
+ if(payload_length==0 || payload_length >1500)
+ {
+ quic_packet.decryption.error = (const guchar*)"Payload length is too small or too long";
 }
+ else
+ {
+ // Assume failure unless proven otherwise.
+ ciphers = &conn.client_initial_ciphers;
+ error = "Header deprotection failed";
+ if (quic_decrypt_header(payload, pn_offset, &ciphers->hp_cipher, GCRY_CIPHER_AES128, &first_byte, &pkn32))
+ error = NULL;
+ if (!error) {
+ quic_set_full_packet_number(&conn, &quic_packet, from_server, first_byte, pkn32);
+ quic_packet.first_byte = first_byte;
+ }
- // Payload
- // skip type(1) + version(4) + DCIL+DCID + SCIL+SCID + len_token_length + token_length + len_payload_length + len_packet_number
- offset = pn_offset + quic_packet.pkn_len;
- //quic_process_payload(payload, length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
- quic_process_payload(payload, payload_length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
+ // Payload
+ // skip type(1) + version(4) + DCIL+DCID + SCIL+SCID + len_token_length + token_length + len_payload_length + len_packet_number
+ offset = pn_offset + quic_packet.pkn_len;
+ //quic_process_payload(payload, length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
+ quic_process_payload(payload, payload_length, offset, &conn, &quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet.pkn_len);
+ }
 // Out
 if (!quic_packet.decryption.error)
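Review bot: The new guard at the top of the hunk compares `payload_length` only with the constant 1500 and never with the bytes actually present; `payload_length` is a varint read from the packet itself, and it is then passed as the length argument to quic_process_payload (and presumably on to quic_decrypt_message, which in the first hunk sizes the ciphertext as `length - (pkn_len + 16)`), so a packet that declares up to 1500 bytes inside a shorter datagram still drives the decrypt past the end of the input buffer. Bound it against the `length` parameter dissect_quic already receives: `if (payload_length == 0 || payload_length > 1500 || pn_offset > length || payload_length > length - pn_offset)`. The same 1500 literal now appears in both hunks; one named constant with a comment saying it is an MTU-sized sanity cap would keep them in step. Minor style: `if(payload_length==0 || payload_length >1500)` and the brace-on-its-own-line `else` do not match the `if (!error) {` form used a few lines below in the same hunk. dissect_quic starts before this hunk and continues after it.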