diff -up gnutls-2.12.14/lib/gnutls_cipher.c.packet gnutls-2.12.14/lib/gnutls_cipher.c
--- gnutls-2.12.14/lib/gnutls_cipher.c.packet 2011-09-18 00:16:53.000000000 +0200
+++ gnutls-2.12.14/lib/gnutls_cipher.c 2012-03-23 13:29:24.077877489 +0100
@@ -511,14 +511,13 @@ _gnutls_ciphertext2compressed (gnutls_se
{
ciphertext.size -= blocksize;
ciphertext.data += blocksize;
-
- if (ciphertext.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
}
+ if (ciphertext.size < hash_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
if ((int) pad > (int) ciphertext.size - hash_size)