From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 23 May 2013 09:54:37 +0200
Subject: [PATCH] re-applied sanity check patch

---
 lib/gnutls_cipher.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 2835121..71f5a98 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
           return GNUTLS_E_DECRYPTION_FAILED;
         }
       pad = ciphertext.data[ciphertext.size - 1];   /* pad */
+      if (pad+1 > ciphertext.size-hash_size)
+        pad_failed = GNUTLS_E_DECRYPTION_FAILED;
 
       /* Check the pading bytes (TLS 1.x). 
        * Note that we access all 256 bytes of ciphertext for padding check
-- 
1.7.1