diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index afa952e726d7c9ab8b2c8951d5ffdcd87fe47aca..9b9b2c31dd15c780eac5d80e5fcae45572b781bf 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3144,7 +3144,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk,
 		goto out;
 	}
 
-	if (authkey->sca_keylength > optlen) {
+	if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) {
 		ret = -EINVAL;
 		goto out;
 	}