padding_depad + PKCS7 - reject invalid pad 0

src/misc/padding/padding_depad.c

@@ -36,7 +36,7 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
    if (type < LTC_PAD_ONE_AND_ZERO) {
       pad = data[padded_length - 1];
 
-      if (pad > padded_length) return CRYPT_INVALID_ARG;
+      if (pad > padded_length || pad == 0) return CRYPT_INVALID_ARG;
 
       unpadded_length = padded_length - pad;
    } else {

tests/padding_test.c

@@ -201,10 +201,7 @@ int padding_test(void)
       int err;
 
       err = padding_depad(data, &len, (LTC_PAD_PKCS7 | 16));
-      if (err == CRYPT_OK) {
-         fprintf(stderr, "XXX-FIXME padding_depad should fail (err=%d len=%lu)\n", err, len);
-         /* return CRYPT_FAIL_TESTVECTOR; */
-      }
+      if (err == CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; /* should fail */
    }
 
    return CRYPT_OK;