diff --git a/CMakeLists.txt b/CMakeLists.txt
index 50ddb66daa5d9981f8a952feb42c41891ac589fe..07e48a064f149532fe3909d34f2bb554e6f96acb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@ project(cellframe-sdk C)
 cmake_minimum_required(VERSION 2.8)
 
 set(CMAKE_C_STANDARD 11)
-set(CELLFRAME_SDK_NATIVE_VERSION "2.6-9")
+set(CELLFRAME_SDK_NATIVE_VERSION "2.6-10")
 add_definitions ("-DCELLFRAME_SDK_VERSION=\"${CELLFRAME_SDK_NATIVE_VERSION}\"")
 
 set(DAPSDK_MODULES "")
diff --git a/dap-sdk/crypto/src/dap_enc_bf.c b/dap-sdk/crypto/src/dap_enc_bf.c
index 025f2b726dda964fe39598e94d8a87acd7758786..86681c164960bb5b61ab5ac38e5bc2ec8a84fab3 100644
--- a/dap-sdk/crypto/src/dap_enc_bf.c
+++ b/dap-sdk/crypto/src/dap_enc_bf.c
@@ -114,8 +114,11 @@ size_t dap_enc_bf_cbc_decrypt_fast(struct dap_enc_key *a_key, const void * a_in,
                    a_key->priv_key_data, iv, BF_DECRYPT);
 
     int bf_cbc_padding_length = *(uint8_t*)(a_out + a_in_size - BLOWFISH_BLOCK_SIZE - 1);
-
     size_t a_out_size = *(uint32_t*)(a_out + a_in_size - BLOWFISH_BLOCK_SIZE - 1 - bf_cbc_padding_length - 4);
+    if (a_out_size > a_in_size + BLOWFISH_BLOCK_SIZE) {
+        log_it(L_WARNING, "blowfish_cbc decryption out size %d too big", a_out_size);
+        return a_in_size + BLOWFISH_BLOCK_SIZE;
+    }
     return a_out_size;
 }
 
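Review bot: The new size check runs only after both trailer reads, so `bf_cbc_padding_length` and the 4-byte length are still taken from unvalidated decrypted data at offsets derived from `a_in_size`, and nothing visible in the hunk rules out an underflow or a read before `a_out` (the function starts above the hunk, so an earlier guard may exist). The clamp value `a_in_size + BLOWFISH_BLOCK_SIZE` also looks larger than the plaintext actually produced, which from the offsets used here appears to be `a_in_size - BLOWFISH_BLOCK_SIZE` bytes, so a caller trusting the return value could still read past the decrypted data; returning 0 on a malformed trailer would be safer. Validating the input length and the padding byte before dereferencing, and bounding the length against the space left in front of the trailer, closes both gaps, as sketched below. Separately, `a_out_size` is a `size_t` logged with `%d` here, and the same mismatch appears in the new `buf_out_size`/`a_out_size` message in the `dap_enc_bf_cbc_encrypt_fast` hunk; `%zu` is the matching specifier if `log_it` forwards to a printf-style formatter.

```c
    /* … unchanged: CBC decrypt call into a_out … */
    if (a_in_size < 2 * BLOWFISH_BLOCK_SIZE) {
        log_it(L_WARNING, "blowfish_cbc decryption input too short");
        return 0;
    }
    size_t l_plain_size = a_in_size - BLOWFISH_BLOCK_SIZE;
    uint8_t l_pad = *((uint8_t *)a_out + l_plain_size - 1);
    if ((size_t)l_pad + 1 + 4 > l_plain_size) {
        log_it(L_WARNING, "blowfish_cbc decryption padding length %u invalid", (unsigned)l_pad);
        return 0;
    }
    size_t l_data_max = l_plain_size - 1 - l_pad - 4;
    size_t a_out_size = *(uint32_t *)((uint8_t *)a_out + l_data_max);
    if (a_out_size > l_data_max) {
        log_it(L_WARNING, "blowfish_cbc decryption out size %zu too big", a_out_size);
        return 0;
    }
    return a_out_size;
```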
@@ -126,7 +129,7 @@ size_t dap_enc_bf_cbc_encrypt_fast(struct dap_enc_key * a_key, const void * a_in
     //generate iv and put it in *a_out first bytes
     size_t a_out_size = (a_in_size + 4 + 1 + BLOWFISH_BLOCK_SIZE-1)/BLOWFISH_BLOCK_SIZE*BLOWFISH_BLOCK_SIZE + BLOWFISH_BLOCK_SIZE;
     if(a_out_size > buf_out_size) {
-        log_it(L_ERROR, "blowfish_cbc fast_encryption too small buf_out_size");
+        log_it(L_ERROR, "blowfish_cbc fast_encryption too small buf_out_size, %d < %d", buf_out_size, a_out_size);
         return 0;
     }