diff --git a/src/quic_frame.c b/src/quic_frame.c
index 1f2f6004b..c64756317 100644
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -1241,7 +1241,7 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
 	}
 
 	parser = qf_parser(frm->type);
-	if (!(parser->mask & (1U << pkt->type))) {
+	if (pkt && !(parser->mask & (1U << pkt->type))) {
 		TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm);
 		goto leave;
 	}
@@ -1253,7 +1253,8 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
 
 	TRACE_PROTO("RX frm", QUIC_EV_CONN_PSTRM, qc, frm);
 
-	pkt->flags |= parser->flags;
+	if (pkt)
+		pkt->flags |= parser->flags;
 
 	ret = 1;
  leave:
@@ -1276,7 +1277,7 @@ int qc_build_frm(unsigned char **pos, const unsigned char *end,
 
 	TRACE_ENTER(QUIC_EV_CONN_BFRM, qc);
 	builder = qf_builder(frm->type);
-	if (!(builder->mask & (1U << pkt->type))) {
+	if (pkt && !(builder->mask & (1U << pkt->type))) {
 		/* XXX This it a bug to send an unauthorized frame with such a packet type XXX */
 		TRACE_ERROR("unauthorized frame", QUIC_EV_CONN_BFRM, qc, frm);
 		BUG_ON(!(builder->mask & (1U << pkt->type)));
@@ -1293,7 +1294,8 @@ int qc_build_frm(unsigned char **pos, const unsigned char *end,
 		goto leave;
 	}
 
-	pkt->flags |= builder->flags;
+	if (pkt)
+		pkt->flags |= builder->flags;
 	*pos = p;
 
 	ret = 1;