diff --git a/lib/krb5/encrypt.c b/lib/krb5/encrypt.c
index 3a6d230ea..663eccd84 100644
--- a/lib/krb5/encrypt.c
+++ b/lib/krb5/encrypt.c
@@ -1,5 +1,6 @@
 #include <krb5_locl.h>
 #include <krb5_error.h>
+#include "crc.h"
 
 krb5_error_code
 krb5_encrypt (krb5_context context,
@@ -45,8 +46,8 @@ krb5_decrypt (krb5_context context,
 	      krb5_keyblock *keyblock,
 	      krb5_data *result)
 {
-  u_char *p;
-  u_long crc;
+  u_char *p = (u_char *)ptr;
+  u_long my_crc, her_crc;
   des_cblock key;
   des_key_schedule schedule;
 
@@ -54,14 +55,16 @@ krb5_decrypt (krb5_context context,
   des_set_key (&key, schedule);
   des_cbc_encrypt ((des_cblock *)ptr, (des_cblock *)ptr, len, schedule, &key, DES_DECRYPT);
 
+  her_crc = (p[11] << 24) | (p[10] << 16) | (p[9] << 8) | (p[8] << 0);
+  memset (p + 8, 0, sizeof(her_crc));
   crc_init_table ();
-  crc = crc_update (ptr, len, 0);
-#if 0
-  if (crc)
+  my_crc = crc_update (ptr, len, 0);
+  if (my_crc != her_crc)
     return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-#endif
   result->length = len - 12;
   result->data = malloc(result->length);
+  if (result->data == NULL)
+    return ENOMEM;
   memcpy (result->data, (u_char *)ptr + 12, result->length);
   return 0;
 }