diff -ur linux-2.6.25-rc2.orig/net/ipv4/esp4.c linux-2.6.25-rc2/net/ipv4/esp4.c
--- linux-2.6.25-rc2.orig/net/ipv4/esp4.c	2008-02-22 21:58:26.000000000 +0100
+++ linux-2.6.25-rc2/net/ipv4/esp4.c	2008-02-22 21:59:03.000000000 +0100
@@ -336,7 +336,7 @@
 	struct scatterlist *asg;
 	int err = -EINVAL;
 
-	if (!pskb_may_pull(skb, sizeof(*esph)))
+	if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead)))
 		goto out;
 
 	if (elen <= 0)
diff -ur linux-2.6.25-rc2.orig/net/ipv6/esp6.c linux-2.6.25-rc2/net/ipv6/esp6.c
--- linux-2.6.25-rc2.orig/net/ipv6/esp6.c	2008-02-22 21:58:26.000000000 +0100
+++ linux-2.6.25-rc2/net/ipv6/esp6.c	2008-02-22 21:59:03.000000000 +0100
@@ -282,7 +282,7 @@
 	struct scatterlist *sg;
 	struct scatterlist *asg;
 
-	if (!pskb_may_pull(skb, sizeof(*esph))) {
+	if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead))) {
 		ret = -EINVAL;
 		goto out;
 	}