diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index 0d3e6e35b..3726d724f 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -86,14 +86,17 @@ set_auth_data (krb5_context context,
 	       krb5_keyblock *key)
 {
     if(authdata->len) {
-	size_t len;
+	size_t len, buf_size;
 	unsigned char *buf;
 	krb5_crypto crypto;
 	krb5_error_code ret;
 
-	ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);
+	ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata,
+			   &len, ret);
 	if (ret)
 	    return ret;
+	if (buf_size != len)
+	    krb5_abortx(context, "internal error in ASN.1 encoder");
 
 	ALLOC(req_body->enc_authorization_data, 1);
 	if (req_body->enc_authorization_data == NULL) {