diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -3924,7 +3924,7 @@
 				continue;
 			if (fr->fr_ifnames[i] < 0)
 				continue;
-			if (strlen(fr->fr_ifnames[i]) > fr->fr_namelen)
+			if (fr->fr_namelen > MAX_IFNAME_LENGTH && strlen(fr->fr_ifnames[i]) > fr->fr_namelen)
 				continue;
 			name = FR_NAME(fr, fr_ifnames[i]);
 			fr->fr_ifas[i] = ipf_resolvenic(softc, name, v);
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil.h b/sys/netpfil/ipfilter/netinet/ip_fil.h
--- a/sys/netpfil/ipfilter/netinet/ip_fil.h
+++ b/sys/netpfil/ipfilter/netinet/ip_fil.h
@@ -457,6 +457,11 @@
  */
 #define	FI_COPYSIZE	offsetof(fr_info_t, fin_dp)
 
+/*
+ * Maximum interface name length
+ */
+#define MAX_IFNAME_LENGTH	16
+
 /*
  * Structure for holding IPFilter's tag information
  */
diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c b/sys/netpfil/ipfilter/netinet/ip_nat.c
--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
@@ -1543,7 +1543,7 @@
 	/*
 	 * Initialise all of the address fields.
 	 */
-	if (strlen(n->in_names) > n->in_namelen) {
+	if (n->in_namelen > MAX_IFNAME_LENGTH && strlen(n->in_names) > n->in_namelen) {
 		IPFERROR(60077);
 		return (EINVAL);
 	}