eap-ttls: Avoid potential overflow

When checking that the length is valid, avoid potentially overflowing
'start + len'

src/eap-ttls.c

@@ -375,7 +375,7 @@ static bool avp_iter_next(struct avp_iter *iter)
 
 	len -= TTLS_AVP_HEADER_LEN;
 
-	if (start + len > end)
+	if (len > end - start)
 		return false;
 
 	if (flags & TTLS_AVP_FLAG_V) {