-@@ -627,6 +627,11 @@ static int authenticate_nss_2_3 (
- unsigned char tmp_hash[hash_len[instance->crypto_hash_type]];
- int datalen = *buf_len - hash_len[instance->crypto_hash_type];
-
-+ if (*buf_len <= hash_len[instance->crypto_hash_type]) {
-+ log_printf(instance->log_level_security, "Received message is too short... ignoring");
-+ return -1;
-+ }
-+
- if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) {
- return -1;
- }
-@@ -736,6 +741,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
- {
- struct crypto_config_header *cch = (struct crypto_config_header *)buf;
+@@ -864,6 +864,12 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
+ return (-1);
+ }