diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index c28fefa4c..824d35c04 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -512,6 +512,14 @@ int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
 	if (gas == NULL || len < 4)
 		return -1;
 
+	pos = data;
+	action = *pos++;
+	dialog_token = *pos++;
+
+	if (action != WLAN_PA_GAS_INITIAL_RESP &&
+	    action != WLAN_PA_GAS_COMEBACK_RESP)
+		return -1; /* Not a GAS response */
+
 	prot = categ == WLAN_ACTION_PROTECTED_DUAL;
 	pmf = pmf_in_use(gas->wpa_s, sa);
 	if (prot && !pmf) {
@@ -523,14 +531,6 @@ int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
 		return 0;
 	}
 
-	pos = data;
-	action = *pos++;
-	dialog_token = *pos++;
-
-	if (action != WLAN_PA_GAS_INITIAL_RESP &&
-	    action != WLAN_PA_GAS_COMEBACK_RESP)
-		return -1; /* Not a GAS response */
-
 	query = gas_query_get_pending(gas, sa, dialog_token);
 	if (query == NULL) {
 		wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR