diff --git a/ChangeLog b/ChangeLog
index 60ef749bc..4ae26dbb9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@ Security * Potential buffer-overflow for ssl_read_record() (independently found by both TrustInSoft and Paul Brodeur of Leviathan Security Group) * Potential negative value misinterpretation in load_file() + * Potential heap buffer overflow on large hostname setting = Version 1.1.7 released on 2013-06-19 Changes
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 73a6604c3..b3b82b075 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1991,6 +1991,10 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); ssl->hostname_len = strlen( hostname ); + + if( ssl->hostname_len + 1 == 0 ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 ); if( ssl->hostname == NULL )
@@ -1998,7 +2002,7 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname ) memcpy( ssl->hostname, (unsigned char *) hostname, ssl->hostname_len ); - + ssl->hostname[ssl->hostname_len] = '\0'; return( 0 );
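Review bot: The new wrap-around check in ssl_set_hostname() (first ssl_tls.c hunk) runs after `ssl->hostname_len = strlen( hostname );`, so the `POLARSSL_ERR_SSL_BAD_INPUT_DATA` return leaves the context holding the rejected length next to whatever `ssl->hostname` pointed to before the call. Any later reader that trusts the pair (none is visible in this hunk) would then work with a length that does not match the buffer, and the `ssl->hostname == NULL` path just below appears to have the same mismatch. I would take the length into a local first, `len = strlen( hostname );` then `if( len + 1 == 0 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`, and store `ssl->hostname_len = len;` only once the allocation has succeeded. The check rejects only the single wrapping value, so it deserves a comment such as `/* reject a length whose +1 for the terminator wraps to 0 before malloc */`, and an explicit upper bound on the hostname length would state the intent more directly if the project defines one. The function starts above and continues below this hunk.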