diff -Niur linux-2.4.22-oM3-orig/net/ipv4/ip_sockglue.c linux-2.4.22-oM3-setsockopt/net/ipv4/ip_sockglue.c
--- linux-2.4.22-oM3-orig/net/ipv4/ip_sockglue.c Mon Aug 25 13:44:44 2003
+++ linux-2.4.22-oM3-setsockopt/net/ipv4/ip_sockglue.c Mon May 17 15:31:22 2004
@@ -622,6 +622,17 @@
 kfree(msf);
 break;
 }
+ /* numsrc >= (1G-4) overflow in 32 bits */
+ if (msf->imsf_numsrc >= 0x3ffffffcU) {
+ kfree(msf);
+ err = -ENOBUFS;
+ break;
+ }
+ if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
+ kfree(msf);
+ err = -EINVAL;
+ break;
+ }
 err = ip_mc_msfilter(sk, msf, 0);
 kfree(msf);
 break;
@@ -760,7 +771,12 @@
 if (copy_from_user(gsf, optval, optlen)) {
 goto mc_msf_out;
 }
- if (GROUP_FILTER_SIZE(gsf->gf_numsrc) < optlen) {
+ /* numsrc >= (4G-140)/128 overflow in 32 bits */
+ if (gsf->gf_numsrc >= 0x1ffffffU) {
+ err = -ENOBUFS;
+ goto mc_msf_out;
+ }
+ if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
 err = EINVAL;
 goto mc_msf_out;
 }
diff -Niur linux-2.4.22-oM3-orig/net/ipv6/ipv6_sockglue.c linux-2.4.22-oM3-setsockopt/net/ipv6/ipv6_sockglue.c
--- linux-2.4.22-oM3-orig/net/ipv6/ipv6_sockglue.c Mon Aug 25 13:44:44 2003
+++ linux-2.4.22-oM3-setsockopt/net/ipv6/ipv6_sockglue.c Mon May 17 15:31:52 2004
@@ -466,6 +466,17 @@
 kfree(gsf);
 break;
 }
+ /* numsrc >= (4G-140)/128 overflow in 32 bits */
+ if (gsf->gf_numsrc >= 0x1ffffffU) {
+ kfree(gsf);
+ retv = -ENOBUFS;
+ break;
+ }
+ if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
+ kfree(gsf);
+ retv = -EINVAL;
+ break;
+ }
 retv = ip6_mc_msfilter(sk, gsf);
 kfree(gsf);
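Review bot: The bound `0x3ffffffcU` in the added `imsf_numsrc` check of the first ip_sockglue.c hunk is a hand-computed constant that only stays correct while the filter struct layout and the 32-bit size arithmetic assumed by the comment stay the same. Deriving it from the macro keeps the guard tied to the computation it protects, for example `if (msf->imsf_numsrc >= (0xffffffffU - IP_MSFILTER_SIZE(0)) / sizeof(msf->imsf_slist[0])) {`, which rejects marginally earlier than the literal. The same applies to `0x1ffffffU` with `GROUP_FILTER_SIZE` in the second hunk of this file and in the ipv6_sockglue.c hunk. The following `IP_MSFILTER_SIZE(...) > optlen` test compares an unsigned size with `optlen`, so it relies on `optlen` already being known non-negative; the enclosing case starts outside the hunk and that cannot be confirmed from here.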
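Review bot: The unchanged line `err = EINVAL;` directly under the corrected `GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen` test in the second ip_sockglue.c hunk still assigns a positive errno, while the branch added just above it uses `-ENOBUFS` and the other two hunks use `-EINVAL`. A caller that treats negative values as failure would presumably not see this rejection as an error, so the line should become `err = -EINVAL;` in the same patch. The `mc_msf_out` label and the rest of the function are outside the hunk, so how `err` is returned from there should be confirmed.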