diff --git a/dev/udp/udp-perturb.c b/dev/udp/udp-perturb.c
index ca8c0dcd8..8a851fc49 100644
--- a/dev/udp/udp-perturb.c
+++ b/dev/udp/udp-perturb.c
@@ -275,6 +275,18 @@ int add_connection(struct sockaddr_storage *ss)
 	return -1;
 }
 
+/* Corrupt <buf> buffer with <buflen> as length if required */
+static void pktbuf_apply_corruption(char *buf, size_t buflen)
+{
+	if (corr_rate > 0 && prng(100) < corr_rate) {
+		unsigned int rnd = prng(corr_span * 256); // pos and value
+		unsigned int pos = corr_base + (rnd >> 8);
+
+		if (pos < buflen)
+			buf[pos] ^= rnd;
+	}
+}
+
 /* Handle a read operation on an front FD. Will either reuse the existing
  * connection if the source is found, or will allocate a new one, possibly
  * replacing the oldest one. Returns <0 on error or the number of bytes
@@ -323,13 +335,7 @@ int handle_frt(int fd, struct pollfd *pfd, struct conn *conns, int nbconn)
 	if (ret < 0)
 		return errno == EAGAIN ? 0 : -1;
 
-	if (corr_rate > 0 && prng(100) < corr_rate) {
-		unsigned int rnd = prng(corr_span * 256); // pos and value
-		unsigned int pos = corr_base + (rnd >> 8);
-
-		if (pos < ret)
-			pktbuf[pos] ^= rnd;
-	}
+	pktbuf_apply_corruption(pktbuf, ret);
 
 	conn = NULL;
 	for (i = 0; i < nbconn; i++) {
@@ -411,6 +417,8 @@ int handle_bck(int fd, struct pollfd *pfd, struct conn *conns, int nbconn)
 	if (ret < 0)
 		return errno == EAGAIN ? 0 : -1;
 
+	pktbuf_apply_corruption(pktbuf, ret);
+
 	conn = conn_bck_lookup(conns, nbconn, fd);
 	if (!conn)
 		return 0;