diff --git a/fido2/ctap.c b/fido2/ctap.c
index 0a0a65c..c18bdc7 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -1216,7 +1216,7 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
             if (memcmp(rk.id.rpIdHash, rpIdHash, 32) == 0)
             {
                 printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
-                if (count == ALLOW_LIST_MAX_SIZE-1)
+                if (count >= ALLOW_LIST_MAX_SIZE)
                 {
                     printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d).  Skipping.\r\n", count);
                     break;