diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 233da7bfc..40d4a3381 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -6202,6 +6202,15 @@ static void handle_auth_cb(struct hostapd_data *hapd,
 		return;
 	}
 
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
+		wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
+			   (unsigned long) len);
+		auth_alg = 0;
+		auth_transaction = 0;
+		status_code = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
 	auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
 	auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
 	status_code = le_to_host16(mgmt->u.auth.status_code);
@@ -6213,12 +6222,6 @@ static void handle_auth_cb(struct hostapd_data *hapd,
 		goto fail;
 	}
 
-	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
-		wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
-			   (unsigned long) len);
-		goto fail;
-	}
-
 	if (status_code == WLAN_STATUS_SUCCESS &&
 	    ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
 	     (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
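Review bot: The three assignments placed before `goto fail` in the first hunk have no comment saying why they exist, and at the check itself the reason is not visible: the `fail:` label is outside the hunk and presumably reports or acts on `auth_alg`, `auth_transaction` and `status_code`, which cannot be parsed from a frame shorter than `IEEE80211_HDRLEN + sizeof(mgmt->u.auth)`. A one-line comment above them such as `/* Frame too short to parse; give the fail path defined values */` would make that dependency explicit for the next reader. If the variables are not already initialized at their declarations (also outside the hunk), doing so there would cover any other `goto fail` that precedes the `le_to_host16()` reads as well, rather than only this one. handle_auth_cb begins and ends outside both hunks; the second hunk only removes the old, later copy of the same check.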