diff --git a/ChangeLog b/ChangeLog
index 666de04df..b6c16e0e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -124,6 +124,9 @@
  - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
    [monitor.h]
    no trailing comma in enum; china@thewrittenword.com
+ - markus@cvs.openbsd.org 2002/06/06 17:12:44
+   [sftp-server.c]
+   discard remaining bytes of current request; ok provos@
 
 20020604
  - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -808,4 +811,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2177 2002/06/06 21:57:01 mouring Exp $
+$Id: ChangeLog,v 1.2178 2002/06/06 21:57:54 mouring Exp $
diff --git a/sftp-server.c b/sftp-server.c
index 117e6cc15..beb251a8a 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.33 2002/02/13 00:28:13 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.34 2002/06/06 17:12:44 markus Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -956,10 +956,13 @@ static void
 process(void)
 {
 	u_int msg_len;
+	u_int buf_len;
+	u_int consumed;
 	u_int type;
 	u_char *cp;
 
-	if (buffer_len(&iqueue) < 5)
+	buf_len = buffer_len(&iqueue);
+	if (buf_len < 5)
 		return;		/* Incomplete message. */
 	cp = buffer_ptr(&iqueue);
 	msg_len = GET_32BIT(cp);
@@ -967,9 +970,10 @@ process(void)
 		error("bad message ");
 		exit(11);
 	}
-	if (buffer_len(&iqueue) < msg_len + 4)
+	if (buf_len < msg_len + 4)
 		return;
 	buffer_consume(&iqueue, 4);
+	buf_len -= 4;
 	type = buffer_get_char(&iqueue);
 	switch (type) {
 	case SSH2_FXP_INIT:
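Review bot: `buf_len` is introduced in the @@ -956 hunk without a comment saying why the queue length is snapshotted instead of re-read, yet it is later decremented alongside `buffer_consume(&iqueue, 4)` and compared against `buffer_len(&iqueue)` once the handler has run, so a reader can easily misuse it. Suggest documenting it at the declaration: `u_int buf_len;	/* queue length at entry, minus the bytes consumed here; used to compute how much the handler consumed */`. The mirrored `buf_len -= 4;` in the @@ -967 hunk must stay paired with the `buffer_consume(&iqueue, 4)` it follows, which the same comment can state. process() continues past the end of both hunks.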
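Review bot: In the @@ -967 hunk, `if (buf_len < msg_len + 4)` adds 4 to a client-supplied 32-bit length; the check at the top of the hunk (its `error("bad message ")`/`exit(11)` is visible but its condition is not) presumably caps `msg_len` so the sum cannot wrap, but the comparison need not rely on that. `buf_len >= 5` already holds from the previous hunk, so `if (buf_len - 4 < msg_len)` is equivalent and cannot overflow regardless of what the earlier cap admits. The enclosing process() body continues outside the hunk.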
@@ -1036,6 +1040,14 @@ process(void)
 		error("Unknown message %d", type);
 		break;
 	}
+	/* discard the remaining bytes from the current packet */
+	if (buf_len < buffer_len(&iqueue))
+		fatal("iqueue grows");
+	consumed = buf_len - buffer_len(&iqueue);
+	if (msg_len < consumed)
+		fatal("msg_len %d < consumed %d", msg_len, consumed);
+	if (msg_len > consumed)
+		buffer_consume(&iqueue, msg_len - consumed);
 }
 
 int
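Review bot: The new `fatal("msg_len %d < consumed %d", msg_len, consumed)` passes two `u_int` values (both declared as such in the earlier hunk) to `%d`, so large lengths would be logged as negative numbers; use `fatal("msg_len %u < consumed %u", msg_len, consumed);`. The trailing `buffer_consume(&iqueue, msg_len - consumed)` is bounded: the earlier `if (buf_len < msg_len + 4) return;` together with `buf_len -= 4` leaves `buf_len >= msg_len`, and the `iqueue grows` check ensures the queue still holds `buf_len - consumed >= msg_len - consumed` bytes here. A handler that reads past its declared `msg_len` now terminates the server through `fatal()` instead of desynchronizing the stream at the next request; that fail-closed choice is worth stating in the comment, e.g. `/* a handler that read past msg_len would desync the stream; treat as fatal */`. process() starts outside this hunk.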