diff --git a/feeds/ucentral/radius-gw-proxy/src/main.c b/feeds/ucentral/radius-gw-proxy/src/main.c
index 06468e0b3..c8a67f53d 100644
--- a/feeds/ucentral/radius-gw-proxy/src/main.c
+++ b/feeds/ucentral/radius-gw-proxy/src/main.c
@@ -158,9 +158,15 @@ radius_parse(char *buf, unsigned int len, int port, enum socket_type type, int t
 	struct radius_tlv *proxy_state = NULL;
 	char proxy_state_str[256] = {};
 	void *avp = hdr->avp;
-	unsigned int len_orig = ntohs(hdr->len);
+	unsigned int len_orig;
 	uint8_t localhost[] = { 0x7f, 0, 0, 1 };
 
+	if (len < sizeof(*hdr)) {
+		ULOG_ERR("invalid packet length, %d\n", len);
+		return -1;
+	}
+	len_orig = ntohs(hdr->len);
+
 	if (len_orig != len) {
 		ULOG_ERR("invalid header length, %d %d\n", len_orig, len);
 		return -1;