Fix overflow
authorCheoleun Moon <chleun.moon@samsung.com>
Thu, 2 Apr 2020 09:02:48 +0000 (18:02 +0900)
committerCheoleun Moon <chleun.moon@samsung.com>
Thu, 2 Apr 2020 09:02:48 +0000 (18:02 +0900)
test/wifi-aware-test.c

index d3cd5af..7ea0c8e 100644 (file)
@@ -428,22 +428,26 @@ static int __set_match_filter(unsigned char match_filter[MAX_MATCH_FILTER_LEN +
                return -1;
        }
        for (int i = 0; i < total_num; ++i) {
+               if (total_len > MAX_MATCH_FILTER_LEN) {
+                       printf("The length of filter value is longer than max length(%d)", MAX_MATCH_FILTER_LEN);
+                       return -1;
+               }
                printf("%d match filter len: ", i);
                if (scanf("%d", &len) < 0)
                        return -1;
-               printf("%d match filter value: ", i);
-               if (scanf("%255s", filter) < 0)
-                       return -1;
-               if (len != strlen(filter)) {
-                       printf("The length of filter value is not %d\n", len);
+               if (len <= 0 || len > MAX_MATCH_FILTER_LEN) {
+                       printf("Invalid match filter lentgh");
                        return -1;
                }
-               if (total_len > MAX_MATCH_FILTER_LEN) {
+               if (total_len + len > MAX_MATCH_FILTER_LEN) {
                        printf("The length of filter value is longer than max length(%d)", MAX_MATCH_FILTER_LEN);
                        return -1;
                }
-               if (total_len + len > MAX_MATCH_FILTER_LEN) {
-                       printf("The length of filter value is longer than max length(%d)", MAX_MATCH_FILTER_LEN);
+               printf("%d match filter value: ", i);
+               if (scanf("%255s", filter) < 0)
+                       return -1;
+               if (len != strlen(filter)) {
+                       printf("The length of filter value is not %d\n", len);
                        return -1;
                }
                match_filter[total_len++] = len;
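Review bot: The added range check on `len` can run on a value that scanf never wrote, because the unchanged `if (scanf("%d", &len) < 0)` above it only catches EOF; on non-numeric input scanf returns 0 and `len` keeps its previous value, or on the first pass whatever it held at declaration, which is outside the hunk. Testing for a successful conversion closes that gap: `if (scanf("%d", &len) != 1)`, and likewise `if (scanf("%255s", filter) != 1)` on the moved read. The new message `"Invalid match filter lentgh"` has a typo and no trailing newline; `printf("Invalid match filter length\n");` fixes both. The function body starts and ends outside the hunk, so the copy that follows `match_filter[total_len++] = len;` is not visible here. The `total_len + len` bound does not count the length byte itself, so the write stays in bounds only if the array really is one byte larger than MAX_MATCH_FILTER_LEN, as the truncated signature suggests; that is worth confirming.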