diff --git a/[refs] b/[refs]
index e2d62a410bea..14aa1ba37cdb 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 18e1d836002ad970f42736bad09b7be9cfe99545
+refs/heads/master: 860239c56bbc7c830bdbcec93b140f22a5a5219b
diff --git a/trunk/net/dccp/ipv6.c b/trunk/net/dccp/ipv6.c
index 25826b1bf685..5e1ee0da2c40 100644
--- a/trunk/net/dccp/ipv6.c
+++ b/trunk/net/dccp/ipv6.c
@@ -96,6 +96,12 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 	__u64 seq;
 	struct net *net = dev_net(skb->dev);
 
+	if (skb->len < offset + sizeof(*dh) ||
+	    skb->len < offset + __dccp_basic_hdr_len(dh)) {
+		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
+		return;
+	}
+
 	sk = inet6_lookup(net, &dccp_hashinfo,
 			&hdr->daddr, dh->dccph_dport,
 			&hdr->saddr, dh->dccph_sport, inet6_iif(skb));