From 2042cb7dc793e2c566dd72202579e4f561cbd024 Mon Sep 17 00:00:00 2001
From: angt <angt@users.noreply.github.com>
Date: Fri, 30 Oct 2015 19:04:32 +0100
Subject: [PATCH] Fix crypto_aead_aes256gcm_decrypt_afternm() when clen < 16

---
 .../crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
index 91772521..19edd66f 100644
--- a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
+++ b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
@@ -642,10 +642,14 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
     if (clen > 16ULL * (1ULL << 32) - 16ULL) {
         abort();
     }
-    mlen = clen - 16;
     if (mlen_p != NULL) {
         *mlen_p = 0U;
     }
+    if (clen < 16) {
+        return -1;
+    }
+    mlen = clen - 16;
+    
     memcpy(&n2[0], npub, 12);
     *(uint32_t *) &n2[12] = 0x01000000;
     aesni_encrypt1(T, _mm_load_si128((const __m128i *) n2), rkeys);