diff --git a/[refs] b/[refs]
index 72d33ec0643b..0fa88c51466e 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 328fc47ea0bcc27d9afa69c3ad6e52431cadd76c
+refs/heads/master: d97240552cd98c4b07322f30f66fd9c3ba4171de
diff --git a/trunk/net/sctp/auth.c b/trunk/net/sctp/auth.c
index 1fcb4cf2f4c9..52db5f60daa0 100644
--- a/trunk/net/sctp/auth.c
+++ b/trunk/net/sctp/auth.c
@@ -786,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
 	for (i = 0; i < hmacs->shmac_num_idents; i++) {
 		id = hmacs->shmac_idents[i];
 
+		if (id > SCTP_AUTH_HMAC_ID_MAX)
+			return -EOPNOTSUPP;
+
 		if (SCTP_AUTH_HMAC_ID_SHA1 == id)
 			has_sha1 = 1;
 
diff --git a/trunk/net/sctp/socket.c b/trunk/net/sctp/socket.c
index 9b9b2c31dd15..5ffb9dec1c3f 100644
--- a/trunk/net/sctp/socket.c
+++ b/trunk/net/sctp/socket.c
@@ -3086,6 +3086,7 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
 				    int optlen)
 {
 	struct sctp_hmacalgo *hmacs;
+	u32 idents;
 	int err;
 
 	if (!sctp_auth_enable)
@@ -3103,8 +3104,9 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
 		goto out;
 	}
 
-	if (hmacs->shmac_num_idents == 0 ||
-	    hmacs->shmac_num_idents > SCTP_AUTH_NUM_HMACS) {
+	idents = hmacs->shmac_num_idents;
+	if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS ||
+	    (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {
 		err = -EINVAL;
 		goto out;
 	}