diff --git a/src/encrypt.c b/src/encrypt.c
index 669b3b16..025a5053 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -1265,11 +1265,15 @@ char * ss_decrypt_all(int buf_size, char *ciphertext, ssize_t *len, int method,
 }
 if (auth || (plaintext[0] & ONETIMEAUTH_FLAG)) {
- char hash[ONETIMEAUTH_BYTES];
- memcpy(hash, plaintext + p_len - ONETIMEAUTH_BYTES, ONETIMEAUTH_BYTES);
- ret = !ss_onetimeauth_verify(hash, plaintext, p_len - ONETIMEAUTH_BYTES, iv);
- if (ret) {
- p_len -= ONETIMEAUTH_BYTES;
+ if (p_len > ONETIMEAUTH_BYTES) {
+ char hash[ONETIMEAUTH_BYTES];
+ memcpy(hash, plaintext + p_len - ONETIMEAUTH_BYTES, ONETIMEAUTH_BYTES);
+ ret = !ss_onetimeauth_verify(hash, plaintext, p_len - ONETIMEAUTH_BYTES, iv);
+ if (ret) {
+ p_len -= ONETIMEAUTH_BYTES;
+ }
+ } else {
+ ret = 0;
 }
 }
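Review bot: The new `else { ret = 0; }` branch rejects a packet too short to carry an auth tag, but nothing in the hunk says so, and that `0` means failure can only be inferred from `ret = !ss_onetimeauth_verify(...)`. I would add a comment on the guard such as `/* need at least one payload byte plus the ONETIMEAUTH_BYTES tag; otherwise p_len - ONETIMEAUTH_BYTES goes negative or wraps */` and on the else `/* too short to authenticate: treat as verification failure */`. The outer condition on the context line still reads `plaintext[0]` before any length check visible here, so whether `p_len >= 1` holds at that point depends on code above the hunk and is worth confirming. The guard is also only sound if `p_len` has not already wrapped where it was computed; its declaration and the handling of `ret` after this block are outside the hunk.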