diff --git a/components/net/sf/briar/transport/ConnectionReaderImpl.java b/components/net/sf/briar/transport/ConnectionReaderImpl.java
index 258eb824ee7384b9248fe569405d4fef6ff1c4fd..59a84bb4aeed05372e61ef0a3f43debd983bed74 100644
--- a/components/net/sf/briar/transport/ConnectionReaderImpl.java
+++ b/components/net/sf/briar/transport/ConnectionReaderImpl.java
@@ -119,6 +119,10 @@ implements ConnectionReader {
 			int read = in.read(payload, offset,
 					payloadLen + paddingLen - offset);
 			if(read == -1) throw new EOFException(); // Unexpected EOF
+			// The padding must be set to zero
+			for(int i = offset; i < offset + read; i++) {
+				if(payload[i] != 0) throw new FormatException();
+			}
 			mac.update(payload, offset, read);
 			offset += read;
 		}
diff --git a/test/net/sf/briar/transport/ConnectionReaderImplTest.java b/test/net/sf/briar/transport/ConnectionReaderImplTest.java
index 906958f8f1fbd3ef61f4571408f54927f3457ce0..56caddb96938971297f7fa22644646a0ce2a6b2d 100644
--- a/test/net/sf/briar/transport/ConnectionReaderImplTest.java
+++ b/test/net/sf/briar/transport/ConnectionReaderImplTest.java
@@ -121,6 +121,29 @@ public class ConnectionReaderImplTest extends TransportTest {
 		} catch(FormatException expected) {}
 	}
 
+	@Test
+	public void testNonZeroPadding() throws Exception {
+		int payloadLength = 10, paddingLength = 10;
+		byte[] frame = new byte[FRAME_HEADER_LENGTH + payloadLength
+		                        + paddingLength + macLength];
+		HeaderEncoder.encodeHeader(frame, 0, payloadLength, paddingLength);
+		// Set a byte of the padding to a non-zero value
+		frame[FRAME_HEADER_LENGTH + payloadLength] = 1;
+		mac.init(macKey);
+		mac.update(frame, 0, FRAME_HEADER_LENGTH + payloadLength
+				+ paddingLength);
+		mac.doFinal(frame, FRAME_HEADER_LENGTH + payloadLength + paddingLength);
+		// Read the frame
+		ByteArrayInputStream in = new ByteArrayInputStream(frame);
+		ConnectionDecrypter d = new NullConnectionDecrypter(in);
+		ConnectionReader r = new ConnectionReaderImpl(d, mac, macKey);
+		// The non-zero padding should be rejected
+		try {
+			r.getInputStream().read();
+			fail();
+		} catch(FormatException expected) {}
+	}
+
 	@Test
 	public void testMultipleFrames() throws Exception {
 		// First frame: 123-byte payload