diff -up gnutls-1.4.1/lib/gnutls_cipher.c.packet gnutls-1.4.1/lib/gnutls_cipher.c --- gnutls-1.4.1/lib/gnutls_cipher.c.packet 2012-03-22 15:58:37.110025273 +0100 +++ gnutls-1.4.1/lib/gnutls_cipher.c 2012-03-22 16:13:50.512840958 +0100 @@ -485,14 +485,13 @@ _gnutls_ciphertext2compressed (gnutls_se { ciphertext.size -= blocksize; ciphertext.data += blocksize; - - if (ciphertext.size == 0) - { - gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } } + if (ciphertext.size < hash_size) + { + gnutls_assert (); + return GNUTLS_E_DECRYPTION_FAILED; + } pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ if ((int)pad > (int)ciphertext.size - hash_size)