diff -up gnutls-1.4.1/lib/gnutls_cipher.c.packet gnutls-1.4.1/lib/gnutls_cipher.c
--- gnutls-1.4.1/lib/gnutls_cipher.c.packet	2012-03-22 15:58:37.110025273 +0100
+++ gnutls-1.4.1/lib/gnutls_cipher.c	2012-03-22 16:13:50.512840958 +0100
@@ -485,14 +485,13 @@ _gnutls_ciphertext2compressed (gnutls_se
 	{
 	  ciphertext.size -= blocksize;
 	  ciphertext.data += blocksize;
-
-	  if (ciphertext.size == 0)
-	    {
-	      gnutls_assert ();
-	      return GNUTLS_E_DECRYPTION_FAILED;
-	    }
 	}
 
+      if (ciphertext.size < hash_size)
+	{
+	  gnutls_assert ();
+	  return GNUTLS_E_DECRYPTION_FAILED;
+	}
       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
 
       if ((int)pad > (int)ciphertext.size - hash_size)