diff --git a/bot/src/bot.c b/bot/src/bot.c
index 0e9f375..9635f00 100644
--- a/bot/src/bot.c
+++ b/bot/src/bot.c
@@ -56,7 +56,7 @@ struct sLaika_peerPacketInfo laikaB_pktTbl[LAIKAPKT_MAXNONE] = {
 false),
 LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_DATA,
 laikaB_handleShellData,
- 0,
+ sizeof(uint32_t), /* packet must be bigger than this */
 true),
 };
diff --git a/cnc/src/cnc.c b/cnc/src/cnc.c
index 320d2a7..6d8f6a3 100644
--- a/cnc/src/cnc.c
+++ b/cnc/src/cnc.c
@@ -128,7 +128,7 @@ struct sLaika_peerPacketInfo laikaC_botPktTbl[LAIKAPKT_MAXNONE] = {
 false),
 LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_DATA,
 laikaC_handleShellData,
- 0,
+ sizeof(uint32_t), /* packet must be bigger than this */
 true),
 };
@@ -144,7 +144,7 @@ struct sLaika_peerPacketInfo laikaC_authPktTbl[LAIKAPKT_MAXNONE] = {
 false),
 LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_DATA,
 laikaC_handleAuthenticatedShellData,
- 0,
+ sizeof(uint32_t), /* packet must be bigger than this */
 true),
 };
diff --git a/cnc/src/cpanel.c b/cnc/src/cpanel.c
index ef96c81..d2b92d8 100644
--- a/cnc/src/cpanel.c
+++ b/cnc/src/cpanel.c
@@ -103,7 +103,7 @@ void laikaC_handleAuthenticatedShellData(struct sLaika_peer *authPeer, LAIKAPKT_
 struct sLaika_shellInfo *shell;
 uint32_t id;
- if (sz - sizeof(uint32_t) > LAIKA_SHELL_DATA_MAX_LENGTH || sz <= sizeof(uint32_t))
+ if (sz - sizeof(uint32_t) > LAIKA_SHELL_DATA_MAX_LENGTH)
 LAIKA_ERROR("laikaC_handleAuthenticatedShellData: Wrong data size!\n");
 laikaS_readInt(&authPeer->sock, &id, sizeof(uint32_t));
diff --git a/cnc/src/cpeer.c b/cnc/src/cpeer.c
index 4a190d3..17ca1e2 100644
--- a/cnc/src/cpeer.c
+++ b/cnc/src/cpeer.c
@@ -193,7 +193,7 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
 uint32_t id;
 /* ignore packet if malformed */
- if (sz > LAIKA_SHELL_DATA_MAX_LENGTH + sizeof(uint32_t) || sz <= sizeof(uint32_t))
+ if (sz > LAIKA_SHELL_DATA_MAX_LENGTH + sizeof(uint32_t))
 return;
 laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
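Review bot: The new trailing comment on the `LAIKAPKT_SHELL_DATA` entry in bot/src/bot.c, `/* packet must be bigger than this */`, does not say what the four bytes are or where the rule is enforced, and the same literal is repeated in `laikaC_botPktTbl`, `laikaC_authPktTbl` and `shellC_pktTbl`. Judging from the handlers in this patch, the value appears to be the `uint32_t` shell id that `laikaS_readInt` consumes ahead of the data. I would spell that out, for example `/* shell id prefix; body must be strictly larger (checked in laikaS_handlePeerIn) */`, so the tables and handlers cannot drift apart unnoticed. The table initialisers start and end outside the hunks.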
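Review bot: With `|| sz <= sizeof(uint32_t)` removed in cnc/src/cpanel.c, `sz - sizeof(uint32_t)` is the only size guard left in `laikaC_handleAuthenticatedShellData`, and it is an unsigned subtraction that wraps when `sz` is below four. The wrapped value presumably still trips the comparison (assuming `LAIKAPKT_SIZE` is unsigned and no wider than `size_t`; its definition is not in the patch), but short packets are then rejected only as a side effect, and `sz == sizeof(uint32_t)` is accepted unless the new check in lib/src/lpeer.c ran first. The wrap-free form kept in cnc/src/cpeer.c reads better here: `if (sz > LAIKA_SHELL_DATA_MAX_LENGTH + sizeof(uint32_t))`. The `shellC_handleShellData` hunk in shell/src/sclient.c moves from that form to the subtraction and deserves the same change, and a one-line comment naming the lower bound enforced by `laikaS_handlePeerIn` would help in all three handlers. The function body continues past the hunk.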
diff --git a/lib/src/lpeer.c b/lib/src/lpeer.c index 1deea60..d44a6c7 100644 --- a/lib/src/lpeer.c +++ b/lib/src/lpeer.c @@ -244,6 +244,10 @@ bool laikaS_handlePeerIn(struct sLaika_socket *sock) !peer->packetTbl[peer->pktID].variadic) LAIKA_ERROR("requested packet id [%d] is not variadic!\n", peer->pktID); + /* sanity check minimum size */ + if (peer->pktSize <= peer->packetTbl[peer->pktID].size) + LAIKA_ERROR("requested variable packet is too small!\n"); + /* if peer->useSecure is true, body is encrypted */ laikaS_startInPacket(peer, true); goto _HandlePacketBody; diff --git a/shell/src/sclient.c b/shell/src/sclient.c index fcb3933..7def7ff 100644 --- a/shell/src/sclient.c +++ b/shell/src/sclient.c @@ -131,7 +131,7 @@ void shellC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD uint32_t id; /* ignore packet if malformed */ - if (sz > LAIKA_SHELL_DATA_MAX_LENGTH + sizeof(uint32_t) || sz <= sizeof(uint32_t)) + if (sz - sizeof(uint32_t) > LAIKA_SHELL_DATA_MAX_LENGTH) return; laikaS_readInt(&peer->sock, &id, sizeof(uint32_t)); /* this is ignored for now */ @@ -191,7 +191,7 @@ struct sLaika_peerPacketInfo shellC_pktTbl[LAIKAPKT_MAXNONE] = { false), LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_DATA, shellC_handleShellData, - 0, + sizeof(uint32_t), /* packet must be bigger than this */ true) };
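Review bot: The check added to `laikaS_handlePeerIn` in lib/src/lpeer.c uses `<=`, so for variadic entries `size` becomes an exclusive minimum, and any variadic entry still declared with `0` (the other table rows are outside this patch) now rejects an empty body; please confirm that is intended for every variadic packet type. That meaning should be documented where `size` is declared, since the only hint today is the trailing comment in the packet tables. The error text also drops the packet id that the preceding `LAIKA_ERROR` reports; `LAIKA_ERROR("variadic packet id [%d] is too small!\n", peer->pktID);` would make rejected traffic easier to triage from logs. `laikaS_handlePeerIn` begins and ends outside the hunk.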