diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 6132086d303652d65991bb7ad6a8c8ee0a8d04ad..1bb177ed6248ef937caaa4da9a39382cc39adca9 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -329,12 +329,18 @@ int dtls1_do_write(SSL *s, int type)
 len = s->init_num;
 }
+ if ( len < DTLS1_HM_HEADER_LENGTH )
+ {
+ /*
+ * len is so small that we really can't do anything sensible
+ * so fail
+ */
+ return -1;
+ }
 dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
 }
 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
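Review bot: The added guard's `return -1;` fails without putting anything on the error queue, so a caller of dtls1_do_write has no way to tell this internal length inconsistency from any other -1 write result. Recording the reason before returning, e.g. `SSLerr(SSL_F_DTLS1_DO_WRITE, ERR_R_INTERNAL_ERROR);`, would make the failure diagnosable in logs. The check is correctly placed ahead of the `len - DTLS1_HM_HEADER_LENGTH` subtraction, which would wrap to a huge value if `len` is unsigned (its declaration is outside the hunk). dtls1_do_write starts and ends outside this hunk, so whether `s->init_off` and `s->init_num` are left consistent on this early return cannot be confirmed from here.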