diff --git a/kdc/kaserver.c b/kdc/kaserver.c
index 2f8a3ba7b..b1fc8f927 100644
--- a/kdc/kaserver.c
+++ b/kdc/kaserver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -651,6 +651,14 @@ do_getticket (struct rx_header *hdr,
 	char sinstance[SNAME_SZ];
 	u_int32_t paddress;
 
+	if (aticket.length > sizeof(ticket.dat)) {
+	    kdc_log(0, "ticket too long (%u > %u)",
+		    (unsigned)aticket.length,
+		    (unsigned)sizeof(ticket.dat));
+	    make_error_reply (hdr, KABADTICKET, reply);
+	    goto out;
+	}
+
 	ticket.length = aticket.length;
 	memcpy (ticket.dat, aticket.data, ticket.length);