diff -ur linux-2.6.24.2.orig/net/ipv4/esp4.c linux-2.6.24.2/net/ipv4/esp4.c
--- linux-2.6.24.2.orig/net/ipv4/esp4.c 2008-01-24 23:58:37.000000000 +0100
+++ linux-2.6.24.2/net/ipv4/esp4.c 2008-02-12 09:02:56.000000000 +0100
@@ -165,7 +165,7 @@
 int padlen;
 int err;
- if (!pskb_may_pull(skb, sizeof(*esph)))
+ if (!pskb_may_pull(skb, sizeof(*esph) + esp->conf.ivlen))
 goto out;
 if (elen <= 0 || (elen & (blksize-1)))
diff -ur linux-2.6.24.2.orig/net/ipv6/esp6.c linux-2.6.24.2/net/ipv6/esp6.c
--- linux-2.6.24.2.orig/net/ipv6/esp6.c 2008-01-24 23:58:37.000000000 +0100
+++ linux-2.6.24.2/net/ipv6/esp6.c 2008-02-12 09:03:15.000000000 +0100
@@ -155,7 +155,7 @@
 int nfrags;
 int ret = 0;
- if (!pskb_may_pull(skb, sizeof(*esph))) {
+ if (!pskb_may_pull(skb, sizeof(*esph) + esp->conf.ivlen)) {
 ret = -EINVAL;
 goto out;
 }
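Review bot: The new `pskb_may_pull()` length in the esp4.c hunk has no comment saying why `esp->conf.ivlen` is included, and the identical change in the esp6.c hunk has the same gap. The check reads as a guarantee that the IV following the ESP header sits in the linear part of the skb before it is accessed through a header pointer, presumably further down where the hunk does not reach; without that stated, a later cleanup could shrink the length back to `sizeof(*esph)` and reintroduce a read past the linear data on fragmented or paged packets. I would add above each check `/* ESP header and IV must both be in the linear area: the IV is read in place after the header. */`. Both enclosing functions start and end outside the hunks, so the IV access itself should be confirmed against the full file.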