From afa3570d6f618e1a7f4cb956a90be361bc9767ab Mon Sep 17 00:00:00 2001
From: Sam Leffler <sam@FreeBSD.org>
Date: Wed, 9 Mar 2005 15:28:48 +0000
Subject: [PATCH] correct space check

Submitted by:	ume
---
 sys/netipsec/ipsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 51b39ed02048..b2c31d0ce5ef 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -669,7 +669,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport)
 			spidx->dst.sin.sin_port = uh.uh_dport;
 			return;
 		case IPPROTO_AH:
-			if (m->m_pkthdr.len > off + sizeof(ip6e))
+			if (off + sizeof(ip6e) > m->m_pkthdr.len)
 				goto done;
 			/* XXX sigh, this works but is totally bogus */
 			m_copydata(m, off, sizeof(ip6e), (caddr_t) &ip6e);