diff --git a/[refs] b/[refs]
index 6490b8022195..fe6f9e9a30c6 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512
+refs/heads/master: a601266e4f3c479790f373c2e3122a766d123652
diff --git a/trunk/net/sctp/sm_statefuns.c b/trunk/net/sctp/sm_statefuns.c
index 174f7a7c6cd1..8bc279219a72 100644
--- a/trunk/net/sctp/sm_statefuns.c
+++ b/trunk/net/sctp/sm_statefuns.c
@@ -1019,6 +1019,12 @@ sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
 						  commands);
 
 	hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
+	/* Make sure that the length of the parameter is what we expect */
+	if (ntohs(hbinfo->param_hdr.length) !=
+				    sizeof(sctp_sender_hb_info_t)) {
+		return SCTP_DISPOSITION_DISCARD;
+	}
+
 	from_addr = hbinfo->daddr;
 	link = sctp_assoc_lookup_paddr(asoc, &from_addr);