From e47decea4780a30fe7a46b72a993848476da99a1 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Wed, 4 Mar 2026 07:00:26 -0500
Subject: [PATCH] Fix for loop exit condition.

size should be length.  s includes offset, so it must be compared against
length, not size because size is only what is after offset.
---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 1cad29ab2cd..5b29f1d8322 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1910,7 +1910,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length,
         return BUFFER_ERROR;
 
     /* validating length of entries before accepting */
-    for (s = input + offset; (s - input) < size; s += wlen) {
+    for (s = input + offset; (s - input) < length; s += wlen) {
         wlen = *s++;
         if (wlen == 0 || (s + wlen - input) > length)
             return BUFFER_ERROR;