diff --git a/net/sctp/input.c b/net/sctp/input.c
index 8b7c07fc66d4bde36d23bd8008f6cd378099ffb3..64dc2923a21b080e8ce397238ec224cc113437e6 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -687,7 +687,7 @@ static int sctp_rcv_ootb(struct sk_buff *skb)
 		ch = skb_header_pointer(skb, offset, sizeof(*ch), &_ch);
 
 		/* Break out if chunk length is less then minimal. */
-		if (ntohs(ch->length) < sizeof(_ch))
+		if (!ch || ntohs(ch->length) < sizeof(_ch))
 			break;
 
 		ch_end = offset + SCTP_PAD4(ntohs(ch->length));