sa_open_read_magic() reads file's magic structure and in particular the
size of the header structure to come.
header_size field in file_magic structure exists only with versions
10.3.1 and later. So checking bounds for header_size is done only for
those versions, based on the values of sysstat_version and
sysstat_patchlevel.
With a corrupted datafile (i.e. a file having the right FORMAT_MAGIC
value but values corresponding to older sysstat versions in
sysstat_version and sysstat_patchlevel), the test is not done.
So do it again in check_file_actlst() function.
Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
*/
return;
- /* We know now that we have a *compatible* sysstat datafile format */
+ /*
+ * We know now that we have a *compatible* sysstat datafile format
+ * (correct FORMAT_MAGIC value), and in this case, we should have
+ * checked header_size value. Anyway, with a corrupted datafile,
+ * this may not be the case. So check again.
+ */
+ if ((file_magic->header_size <= MIN_FILE_HEADER_SIZE) ||
+ (file_magic->header_size > MAX_FILE_HEADER_SIZE))
+ goto format_error;
/* Allocate buffer for file_header structure */
SREALLOC(buffer, char, file_magic->header_size);