From 7fc7bda4f0ba32010467f5bf8c52616f6f600f42 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 17 Oct 2007 21:30:34 -0700
Subject: [PATCH] --- yaml --- r: 71287 b: refs/heads/master c:
 440725000cba0b1a68ca2df20124be3a5b7f7702 h: refs/heads/master i:   71285:
 1a9a32176a748389f4c2c47c93bcf29066640be9   71283:
 4287a4029a77228f6a47b13a7eddc2b7e31d40fe   71279:
 40d23944773ff571dfcde8dbea811d3f84763a59 v: v3

---
 [refs]                      | 2 +-
 trunk/net/xfrm/xfrm_input.c | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index 0dbee3d93274..8cbf654cddf8 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 7aa68cb90638ccc36559a936814e4c089892b3d9
+refs/heads/master: 440725000cba0b1a68ca2df20124be3a5b7f7702
diff --git a/trunk/net/xfrm/xfrm_input.c b/trunk/net/xfrm/xfrm_input.c
index 113f44429982..cb97fda1b6df 100644
--- a/trunk/net/xfrm/xfrm_input.c
+++ b/trunk/net/xfrm/xfrm_input.c
@@ -49,13 +49,16 @@ EXPORT_SYMBOL(secpath_dup);
 int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
 {
 	int offset, offset_seq;
+	int hlen;
 
 	switch (nexthdr) {
 	case IPPROTO_AH:
+		hlen = sizeof(struct ip_auth_hdr);
 		offset = offsetof(struct ip_auth_hdr, spi);
 		offset_seq = offsetof(struct ip_auth_hdr, seq_no);
 		break;
 	case IPPROTO_ESP:
+		hlen = sizeof(struct ip_esp_hdr);
 		offset = offsetof(struct ip_esp_hdr, spi);
 		offset_seq = offsetof(struct ip_esp_hdr, seq_no);
 		break;
@@ -69,7 +72,7 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
 		return 1;
 	}
 
-	if (!pskb_may_pull(skb, 16))
+	if (!pskb_may_pull(skb, hlen))
 		return -EINVAL;
 
 	*spi = *(__be32*)(skb_transport_header(skb) + offset);