diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index bd1e357065d..30d6d94723f 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -1030,7 +1030,8 @@ show_var(int *oid, int nlen, bool honor_skip)
 	}
 
 	/* keep track of encountered skip nodes, ignoring descendants */
-	if (skip_len == 0 && (kind & CTLFLAG_SKIP) != 0) {
+	if ((skip_len == 0 || skip_len >= nlen * (int)sizeof(int)) &&
+	    (kind & CTLFLAG_SKIP) != 0) {
 		/* Save this oid so we can skip descendants. */
 		skip_len = nlen * sizeof(int);
 		memcpy(skip_oid, oid, skip_len);