diff --git a/kadmin/version4.c b/kadmin/version4.c
index cfb3f5d0d..1a6d3db12 100644
--- a/kadmin/version4.c
+++ b/kadmin/version4.c
@@ -965,6 +965,8 @@ handle_v4(krb5_context context,
 	if(term_flag)
 	    exit(0);
 	if(first) {
+	    if (len < 2)
+		krb5_errx(context, 1, "received too short len (%d < 2)", len);
 	    /* first time around, we have already read len, and two
                bytes of the version string */
 	    krb5_data_alloc(&message, len);