diff --git a/debug.h b/debug.h
index b8c2a575aa38599f65afc98f68fcfaef10eb329f..a9cc0bd71f684f8c1a06d20f69a90befff94629a 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/*#define DEBUG_TRACE*/
+#define DEBUG_TRACE
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
diff --git a/packet.c b/packet.c
index 37ffdd2dd988e42b3467b35570c998b3dea4452b..9621bbd3b5d734b0ce3b202f614c69a5a24e47ee 100644
--- a/packet.c
+++ b/packet.c
@@ -261,7 +261,7 @@ void decrypt_packet() {
 		
 	/* payload length */
 	/* - 4 - 1 is for LEN and PADLEN values */
-	len = ses.readbuf->len - padlen - 4 - 1;
+	len = ses.readbuf->len - padlen - 4 - 1 - macsize;
 	if ((len > RECV_MAX_PAYLOAD_LEN) || (len < 1)) {
 		dropbear_exit("bad packet size");
 	}