diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index f0d34dca..a363dbb2 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -375,7 +375,7 @@ static bool avp_iter_next(struct avp_iter *iter)
 
 	len -= TTLS_AVP_HEADER_LEN;
 
-	if (start + len > end)
+	if (len > end - start)
 		return false;
 
 	if (flags & TTLS_AVP_FLAG_V) {