Fri Aug 28 19:36:34 2020 UTC ()
Pull up following revision(s) (requested by riastradh in ticket #1067):

	sys/dev/usb/usbnet.c: revision 1.39
	sys/dev/usb/if_atu.c: revision 1.73

usbnet: Reject buflen>MCLBYTES in usbnet_newbuf.
atu(4): Reject packets larger than MCLBYTES.


(martin)
diff -r1.65 -r1.65.2.1 src/sys/dev/usb/if_atu.c
diff -r1.25.2.4 -r1.25.2.5 src/sys/dev/usb/usbnet.c

cvs diff -r1.65 -r1.65.2.1 src/sys/dev/usb/if_atu.c (expand / switch to context diff)
--- src/sys/dev/usb/if_atu.c 2019/05/05 03:17:54 1.65
+++ src/sys/dev/usb/if_atu.c 2020/08/28 19:36:34 1.65.2.1
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_atu.c,v 1.65 2019/05/05 03:17:54 mrg Exp $ */
+/*	$NetBSD: if_atu.c,v 1.65.2.1 2020/08/28 19:36:34 martin Exp $ */
 /*	$OpenBSD: if_atu.c,v 1.48 2004/12/30 01:53:21 dlg Exp $ */
 /*
  * Copyright (c) 2003, 2004
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_atu.c,v 1.65 2019/05/05 03:17:54 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_atu.c,v 1.65.2.1 2020/08/28 19:36:34 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -1678,6 +1678,10 @@
 
 	if (len <= 1) {
 		DPRINTF(("%s: atu_rxeof: too short\n",
+		    device_xname(sc->atu_dev)));
+		goto done;
+	} else if (len > MCLBYTES) {
+		DPRINTF(("%s: atu_rxeof: too long\n",
 		    device_xname(sc->atu_dev)));
 		goto done;
 	}
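Review bot: The added `else if (len > MCLBYTES)` branch caps only the value `len` holds at this point, and the existing `len <= 1` lower bound beside it still lets through any transfer of two bytes or more. atu_rxeof starts and ends outside the hunk, so it is not visible whether the code after these checks reads a receive header from the buffer or derives the copy length from a device-supplied field; if it does, that derived length needs its own check (at least the header size, at most MCLBYTES, no underflow from a subtraction) before it reaches a copy. Both rejections are reported only via `DPRINTF`, which is presumably compiled out of non-debug kernels, so a device sending malformed frames leaves no trace; bumping the interface input-error counter on these paths would make it observable. A one-line comment such as `/* must fit the single-cluster receive mbuf */` would also record why MCLBYTES is the limit, assuming that is the reason.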

cvs diff -r1.25.2.4 -r1.25.2.5 src/sys/dev/usb/usbnet.c (expand / switch to context diff)
--- src/sys/dev/usb/usbnet.c 2019/12/17 12:55:10 1.25.2.4
+++ src/sys/dev/usb/usbnet.c 2020/08/28 19:36:34 1.25.2.5
@@ -1,4 +1,4 @@
-/*	$NetBSD: usbnet.c,v 1.25.2.4 2019/12/17 12:55:10 martin Exp $	*/
+/*	$NetBSD: usbnet.c,v 1.25.2.5 2020/08/28 19:36:34 martin Exp $	*/
 
 /*
  * Copyright (c) 2019 Matthew R. Green
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usbnet.c,v 1.25.2.4 2019/12/17 12:55:10 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usbnet.c,v 1.25.2.5 2020/08/28 19:36:34 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -226,6 +226,9 @@
 usbnet_newbuf(size_t buflen)
 {
 	struct mbuf *m;
+
+	if (buflen > MCLBYTES)
+		return NULL;
 
 	MGETHDR(m, M_DONTWAIT, MT_DATA);
 	if (m == NULL)
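Review bot: The new guard `if (buflen > MCLBYTES)` accepts a request of exactly MCLBYTES, which is only safe if the whole cluster is available for payload. The rest of usbnet_newbuf is outside the hunk, but if it reserves alignment headroom before setting the mbuf length (for example by adjusting the data pointer by ETHER_ALIGN), the usable space is smaller and the bound should account for it, e.g. `if (buflen > MCLBYTES - ETHER_ALIGN)`. The function now also returns NULL for two distinct reasons, an oversized request and an allocation failure, so a comment above it such as `/* Returns NULL if buflen cannot fit in one cluster or no mbuf is available; callers must drop the packet. */` would make the contract explicit to drivers that pass device-reported lengths.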