Hello,

The diff add a consideration if the struct has a tailpadding.
(Actually it doesn't have)  config_setradserver() already considers
this.

ok?

Index: config.c
===================================================================
RCS file: /var/cvs/openbsd/src/sbin/iked/config.c,v
diff -u -p -r1.99 config.c
--- config.c	15 Sep 2024 11:08:50 -0000	1.99
+++ config.c	12 Dec 2025 04:02:55 -0000
@@ -1223,7 +1223,7 @@ config_getradserver(struct iked *env, st
 	struct iked_radserver	*server;
 
 	len = IMSG_DATA_SIZE(imsg);
-	if (len <= sizeof(*server))
+	if (len < offsetof(struct iked_radserver, rs_secret[0]))
 		fatalx("%s: invalid IMSG_CFG_RADSERVER message", __func__);
 
 	if ((server = calloc(1, len)) == NULL) {