aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/netipsec/ipsec.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 51b39ed02048..b2c31d0ce5ef 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -669,7 +669,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
spidx->dst.sin.sin_port = uh.uh_dport;
return;
case IPPROTO_AH:
- if (m->m_pkthdr.len > off + sizeof(ip6e))
+ if (off + sizeof(ip6e) > m->m_pkthdr.len)
goto done;
/* XXX sigh, this works but is totally bogus */
m_copydata(m, off, sizeof(ip6e), (caddr_t) &ip6e);