diff --git a/ChangeLog b/ChangeLog
index f86254458..e00643b72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -51,6 +51,8 @@ Security
      Frama-C team at CEA LIST)
    * Fixed generation of DHM parameters to correct length (found by Ruslan
      Yushchenko)
+   * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+     Vanderbeken)
 
 = Version 1.1.3 released on 2012-04-29
 Bugfix
diff --git a/library/rsa.c b/library/rsa.c
index 215f1aa09..6dfcdb35c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -679,7 +679,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                     return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
             }
 
-            if( nb_pad < 8 )
+            if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             *p++ = 0;