===== net/key/af_key.c 1.61 vs edited =====
--- 1.61/net/key/af_key.c	2004-06-06 18:27:42 +10:00
+++ edited/net/key/af_key.c	2004-06-25 19:33:51 +10:00
@@ -1075,6 +1075,15 @@
 		n_type = ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1];
 		natt->encap_type = n_type->sadb_x_nat_t_type_type;
 
+		switch (natt->encap_type) {
+		case UDP_ENCAP_ESPINUDP:
+		case UDP_ENCAP_ESPINUDP_NON_IKE:
+			break;
+		default:
+			err = -ENOPROTOOPT;
+			goto out;
+		}
+
 		if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
 			struct sadb_x_nat_t_port* n_port =
 				ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
===== net/xfrm/xfrm_user.c 1.42 vs edited =====
--- 1.42/net/xfrm/xfrm_user.c	2004-03-25 09:18:34 +11:00
+++ edited/net/xfrm/xfrm_user.c	2004-06-25 19:33:51 +10:00
@@ -78,6 +78,15 @@
 	if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap))
 		return -EINVAL;
 
+	encap = RTA_DATA(rt);
+	switch (encap->encap_type) {
+	case UDP_ENCAP_ESPINUDP:
+	case UDP_ENCAP_ESPINUDP_NON_IKE:
+		break;
+	default:
+		return -ENOPROTOOPT;
+	}
+
 	return 0;
 }