diff -Nru mipv6-daemon-umip-0.4.orig/src/ha.c mipv6-daemon-umip-0.4/src/ha.c
--- mipv6-daemon-umip-0.4.orig/src/ha.c 2010-07-14 16:18:33.721547523 +0200
+++ mipv6-daemon-umip-0.4/src/ha.c 2010-07-14 16:19:03.935040609 +0200
@@ -105,7 +105,8 @@
 if (opt[0] == ND_OPT_PREFIX_INFORMATION) {
 struct nd_opt_prefix_info *p;
 p = (struct nd_opt_prefix_info *)opt;
- if (p->nd_opt_pi_prefix_len > 128)
+
+ if (olen < sizeof(*p) || p->nd_opt_pi_prefix_len > 128)
 return;
 p->nd_opt_pi_valid_time = ntohl(p->nd_opt_pi_valid_time);
@@ -118,6 +119,10 @@
 ra->nd_ra_flags_reserved & ND_RA_FLAG_HOME_AGENT) {
 struct nd_opt_homeagent_info *hainfo;
 hainfo = (struct nd_opt_homeagent_info *)opt;
+
+ if (olen < sizeof(*hainfo))
+ return;
+
 pref = ntohs(hainfo->nd_opt_hai_preference);
 life = ntohs(hainfo->nd_opt_hai_lifetime);
 }
diff -Nru mipv6-daemon-umip-0.4.orig/src/mn.c mipv6-daemon-umip-0.4/src/mn.c
--- mipv6-daemon-umip-0.4.orig/src/mn.c 2010-07-14 16:18:33.724547328 +0200
+++ mipv6-daemon-umip-0.4/src/mn.c 2010-07-14 16:21:50.318547906 +0200
@@ -1639,10 +1639,8 @@
 iif = pkt_info.ipi6_ifindex;
 na = (struct nd_neighbor_advert *)msg;
- if (iif != ifindex ||
- hoplimit < 255 || na->nd_na_code != 0 ||
- len < sizeof(struct nd_neighbor_advert) ||
- IN6_IS_ADDR_MULTICAST(&na->nd_na_target) ||
+ if (iif != ifindex || hoplimit < 255 || len < sizeof(*na) ||
+ na->nd_na_code != 0 || IN6_IS_ADDR_MULTICAST(&na->nd_na_target) ||
 (na->nd_na_flags_reserved & ND_NA_FLAG_SOLICITED && IN6_IS_ADDR_MULTICAST(daddr)))
 return 0;
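Review bot: The new `olen < sizeof(*p)` test in the prefix-information branch only helps if `olen` has itself already been checked against the bytes that remain in the received advertisement, and that check is not visible in this hunk. `olen` is presumably derived from the option's own length field, which the sender controls; if it can exceed the remaining buffer, the `ntohl()` reads and the in-place writes that follow can still run past the data actually received. I would confirm the bound where `olen` is computed and record the dependency here, for example `/* olen is already bounded by the remaining RA length; this only ensures the option is large enough for the struct */`. The same dependency applies to the `olen < sizeof(*hainfo)` check in the next hunk, and the enclosing function starts and ends outside both hunks.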
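Review bot: A short Home Agent Information option now makes the function `return` without leaving any trace, so as far as this hunk shows a malformed advertisement is dropped silently and cannot be told apart from one that was never processed. A debug-level log line before the `return`, recording the option type and `olen`, would make truncated or spoofed advertisements visible to an operator. A short comment should also state that a malformed option invalidates the whole advertisement rather than only being skipped, since that is a policy choice a later maintainer might otherwise relax. The prefix-information `return` in the previous hunk behaves the same way.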
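Review bot: `len < sizeof(*na)` compares against a `size_t`, so if `len` is a signed type (its declaration is outside the hunk) a negative value from a failed receive is converted to a large unsigned number and passes the check. If that is the case the guard should say so explicitly: `len < 0 || (size_t)len < sizeof(*na) ||`. The reordering is correct only because `||` short-circuits before the first `na->` read, which deserves a comment such as `/* length check must stay ahead of every na-> access */` so a later edit does not move it back. The enclosing function starts and ends outside the hunk.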