diff --git a/source/libcli/raw/smb_signing.c b/source/libcli/raw/smb_signing.c
index 4acfb9d..1bc93cb 100644
--- a/source/libcli/raw/smb_signing.c
+++ b/source/libcli/raw/smb_signing.c
@@ -329,6 +329,8 @@ bool smbcli_simple_set_signing(TALLOC_CTX *mem_ctx,
 			       const DATA_BLOB *user_session_key, 
 			       const DATA_BLOB *response)
 {
+	size_t user_session_key_length;
+	user_session_key_length = MAX(user_session_key->length, 16);
 	if (sign_info->mandatory_signing) {
 		DEBUG(5, ("Mandatory SMB signing enabled!\n"));
 	}
@@ -336,15 +338,15 @@ bool smbcli_simple_set_signing(TALLOC_CTX *mem_ctx,
 	DEBUG(5, ("SMB signing enabled!\n"));
 
 	if (response && response->length) {
-		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, response->length + user_session_key->length);
+		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, response->length + user_session_key_length);
 	} else {
-		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, user_session_key->length);
+		sign_info->mac_key = data_blob_talloc(mem_ctx, NULL, user_session_key_length);
 	}
 		
-	memcpy(&sign_info->mac_key.data[0], user_session_key->data, user_session_key->length);
+	memcpy(&sign_info->mac_key.data[0], user_session_key->data, user_session_key_length);
 
 	if (response && response->length) {
-		memcpy(&sign_info->mac_key.data[user_session_key->length],response->data, response->length);
+		memcpy(&sign_info->mac_key.data[user_session_key_length],response->data, response->length);
 	}
 
 	dump_data_pw("Started Signing with key:\n", sign_info->mac_key.data, sign_info->mac_key.length);