diff --git a/sys/dev/raidframe/rf_netbsdkintf.c b/sys/dev/raidframe/rf_netbsdkintf.c
index 0fb79f5eee41..464cff36e83a 100644
--- a/sys/dev/raidframe/rf_netbsdkintf.c
+++ b/sys/dev/raidframe/rf_netbsdkintf.c
@@ -1487,6 +1487,11 @@ raidioctl(dev_t dev, u_long cmd, void *data, int flag, struct lwp *l)
 	case RAIDFRAME_CONFIGURE:
 		if ((retcode = rf_getConfiguration(rs, data, &k_cfg)) != 0)
 			return retcode;
+		if (k_cfg->numCol > RF_MAXCOL ||
+		    k_cfg->numSpare > RF_MAXSPARE) {
+			RF_Free(k_cfg, sizeof(*k_cfg));
+			return EINVAL;
+		}
 		return rf_construct(rs, k_cfg);
 
 		/* shutdown the system */