--- sys/net80211/ieee80211_ioctl.c.orig
+++ sys/net80211/ieee80211_ioctl.c
@@ -1591,7 +1591,7 @@
 	    ("expected opmode IBSS or AHDEMO not %s",
 	    ieee80211_opmode_name[vap->iv_opmode]));
 
-	if (ssid_len == 0)
+	if (ssid_len == 0 || ssid_len > IEEE80211_NWID_LEN)
 		return EINVAL;
 
 	sr = IEEE80211_MALLOC(sizeof(*sr), M_TEMP,
--- sys/net80211/ieee80211_node.c.orig
+++ sys/net80211/ieee80211_node.c
@@ -1132,7 +1132,7 @@
 
 	ie = ies->data;
 	ielen = ies->len;
-	while (ielen > 0) {
+	while (ielen > 1) {
 		switch (ie[0]) {
 		case IEEE80211_ELEMID_VENDOR:
 			if (iswpaoui(ie))