diff --git a/src/BuddyManager.cpp b/src/BuddyManager.cpp
index 554f555..929d47b 100644
--- a/src/BuddyManager.cpp
+++ b/src/BuddyManager.cpp
@@ -750,6 +750,7 @@ void BuddyManager::emailSend(CNSocket* sock, CNPacketData* data) {
     bool invalid = false;
     int itemCount = 0;
 
+    std::set<int> seen;
     for (int i = 0; i < 4; i++) {
         int slot = pkt->aItem[i].iSlotNum;
         if (slot < 0 || slot >= AINVEN_COUNT) {
@@ -763,9 +764,16 @@ void BuddyManager::emailSend(CNSocket* sock, CNPacketData* data) {
         if (item->iID == 0)
             continue;
 
+        // was the same item added multiple times?
+        if (seen.count(slot) > 0) {
+            invalid = true;
+            break;
+        }
+        seen.insert(slot);
+
         itemCount++;
         if (item->iType != real->iType || item->iID != real->iID
-        || item->iOpt < 0 || item->iOpt > real->iOpt) {
+        || item->iOpt <= 0 || item->iOpt > real->iOpt) {
             invalid = true;
             break;
         }
diff --git a/src/NPCManager.cpp b/src/NPCManager.cpp
index 1df8b5f..239a345 100644
--- a/src/NPCManager.cpp
+++ b/src/NPCManager.cpp
@@ -135,7 +135,13 @@ void NPCManager::npcVendorBuy(CNSocket* sock, CNPacketData* data) {
 
     int itemCost = itemDat->buyPrice * (itemDat->stackSize > 1 ? req->Item.iOpt : 1);
     int slot = ItemManager::findFreeSlot(plr);
-    if (itemCost > plr->money || slot == -1 || req->Item.iOpt > itemDat->stackSize) {
+    if (itemCost > plr->money || slot == -1) {
+        sock->sendPacket((void*)&failResp, P_FE2CL_REP_PC_VENDOR_ITEM_BUY_FAIL, sizeof(sP_FE2CL_REP_PC_VENDOR_ITEM_BUY_FAIL));
+        return;
+    }
+
+    // crates don't have a stack size in TableData, so we can't check those
+    if (itemDat->stackSize != 0 && req->Item.iOpt > itemDat->stackSize) {
         sock->sendPacket((void*)&failResp, P_FE2CL_REP_PC_VENDOR_ITEM_BUY_FAIL, sizeof(sP_FE2CL_REP_PC_VENDOR_ITEM_BUY_FAIL));
         return;
     }