diff --git a/components/net/sf/briar/transport/HeaderEncoder.java b/components/net/sf/briar/transport/HeaderEncoder.java
index 18b3aecef2546883fcf1d719c663701bd09dac0d..42c80d352952d05d37d4692bd0b7cc2071c354a8 100644
--- a/components/net/sf/briar/transport/HeaderEncoder.java
+++ b/components/net/sf/briar/transport/HeaderEncoder.java
@@ -1,8 +1,6 @@
 package net.sf.briar.transport;
 
 import static net.sf.briar.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
-import static net.sf.briar.api.transport.TransportConstants.MAC_LENGTH;
-import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
 import net.sf.briar.util.ByteUtils;
 
 class HeaderEncoder {
@@ -22,15 +20,6 @@ class HeaderEncoder {
 		ByteUtils.writeUint16(padding, header, 6);
 	}
 
-	static boolean validateHeader(byte[] header) {
-		if(header.length < FRAME_HEADER_LENGTH) return false;
-		int payload = ByteUtils.readUint16(header, 4);
-		int padding = ByteUtils.readUint16(header, 6);
-		int frameLength = FRAME_HEADER_LENGTH + payload + padding + MAC_LENGTH;
-		if(frameLength > MAX_FRAME_LENGTH) return false;
-		return true;
-	}
-
 	static long getFrameNumber(byte[] header) {
 		if(header.length < FRAME_HEADER_LENGTH)
 			throw new IllegalArgumentException();
diff --git a/components/net/sf/briar/transport/IncomingAuthenticationLayerImpl.java b/components/net/sf/briar/transport/IncomingAuthenticationLayerImpl.java
index 4c33c29e155d0ae961ce0c8737ee3d1944a4c5e9..c2332c74583aa9c2405e7735618464aeeffe9c33 100644
--- a/components/net/sf/briar/transport/IncomingAuthenticationLayerImpl.java
+++ b/components/net/sf/briar/transport/IncomingAuthenticationLayerImpl.java
@@ -2,6 +2,7 @@ package net.sf.briar.transport;
 
 import static net.sf.briar.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
 import static net.sf.briar.api.transport.TransportConstants.MAC_LENGTH;
+import static net.sf.briar.api.transport.TransportConstants.MAX_FRAME_LENGTH;
 
 import java.io.IOException;
 import java.security.InvalidKeyException;
@@ -35,19 +36,22 @@ class IncomingAuthenticationLayerImpl implements IncomingAuthenticationLayer {
 		// Read a frame
 		if(!in.readFrame(f, window)) return false;
 		// Check that the length is legal
-		byte[] buf = f.getBuffer();
-		if(!HeaderEncoder.validateHeader(buf)) throw new InvalidDataException();
+		int length = f.getLength();
+		if(length < FRAME_HEADER_LENGTH + MAC_LENGTH)
+			throw new InvalidDataException();
+		if(length > MAX_FRAME_LENGTH) throw new InvalidDataException();
 		// Check that the payload and padding lengths are correct
+		byte[] buf = f.getBuffer();
 		int payload = HeaderEncoder.getPayloadLength(buf);
 		int padding = HeaderEncoder.getPaddingLength(buf);
-		if(f.getLength() != FRAME_HEADER_LENGTH + payload + padding
-				+ MAC_LENGTH) throw new InvalidDataException();
+		if(length != FRAME_HEADER_LENGTH + payload + padding + MAC_LENGTH)
+			throw new InvalidDataException();
 		// Check that the padding is all zeroes
 		int paddingStart = FRAME_HEADER_LENGTH + payload;
 		for(int i = paddingStart; i < paddingStart + padding; i++) {
 			if(buf[i] != 0) throw new InvalidDataException();
 		}
-		// Check the MAC
+		// Verify the MAC
 		int macStart = FRAME_HEADER_LENGTH + payload + padding;
 		mac.update(buf, 0, macStart);
 		byte[] expectedMac = mac.doFinal();