diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 7728284be..93d1461a3 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -167,6 +167,11 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
 		if (max > max_max)
 			max = max_max;
 	}
+	if (n > max) /* does not happen */
+		{
+		SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
+		return -1;
+		}
 
 	off = s->packet_length;
 	newb = s->s3->rbuf.left;