From 22faf3482ce91ce4bb41e014049b3af835cbeb1c Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Fri, 14 Jan 2022 08:57:27 -0600
Subject: [PATCH] eap-ttls: Avoid potential overflow

When checking that the length is valid, avoid potentially overflowing
'start + len'
---
 src/eap-ttls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index f0d34dca..a363dbb2 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -375,7 +375,7 @@ static bool avp_iter_next(struct avp_iter *iter)
 
 	len -= TTLS_AVP_HEADER_LEN;
 
-	if (start + len > end)
+	if (len > end - start)
 		return false;
 
 	if (flags & TTLS_AVP_FLAG_V) {