diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index e33fe3e20..58253f976 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -554,8 +554,20 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
 break;
 case EAP_SIM_AT_IDENTITY:
 wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
- attr->identity = apos + 2;
- attr->identity_len = alen - 2;
+ plen = WPA_GET_BE16(apos);
+ apos += 2;
+ alen -= 2;
+ if (plen > alen) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_IDENTITY (Actual Length %lu, "
+ "remaining length %lu)",
+ (unsigned long) plen,
+ (unsigned long) alen);
+ return -1;
+ }
+
+ attr->identity = apos;
+ attr->identity_len = plen;
 break;
 case EAP_SIM_AT_VERSION_LIST:
 if (aka) {
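Review bot: In the new `EAP_SIM_AT_IDENTITY` case, the two-byte read `WPA_GET_BE16(apos)` and the `alen -= 2` both run before any lower bound on `alen` that is visible in this hunk. The `(unsigned long)` casts suggest `alen` is an unsigned type; if so, and if it can be below 2 here, the subtraction wraps and `plen > alen` stops rejecting an oversized Actual Identity Length from the peer. The start of `eap_sim_parse_attr` is outside the hunk, so the attribute loop may already guarantee at least two value bytes. If it does, record that next to the read with a comment such as `/* alen >= 2: attribute length is a non-zero multiple of 4 minus the 2-byte header */`. If it does not, add `if (alen < 2) return -1;` ahead of the `WPA_GET_BE16()` call.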