diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c
index ed2e5dc26..9059ef89d 100644
--- a/lib/krb5/mk_error.c
+++ b/lib/krb5/mk_error.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -64,6 +64,12 @@ krb5_mk_error(krb5_context context,
     if(ctime) {
 	msg.ctime = &ctime;
     }
+    /* Make sure we only send `protocol' error codes */
+    if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
+	if(e_text == NULL)
+	    e_text = krb5_get_err_text(context, error_code);
+	error_code = KRB5KRB_ERR_GENERIC;
+    }
     msg.error_code = error_code - KRB5KDC_ERR_NONE;
     if (e_text)
 	msg.e_text = (general_string*)&e_text;