sar/sadf: Add checks on file's header size read from file

sa_open_read_magic() reads file's magic structure and in particular the
size of the header structure to come.
header_size field in file_magic structure exists only with versions
10.3.1 and later. So checking bounds for header_size is done only for
those versions, based on the values of sysstat_version and
sysstat_patchlevel.
With a corrupted datafile (i.e. a file having the right FORMAT_MAGIC
value but values corresponding to older sysstat versions in
sysstat_version and sysstat_patchlevel), the test is not done.
So do it again in check_file_actlst() function.

Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>

diff --git a/sa_common.c b/sa_common.c
index 566c242954149b376862753a5255aa52fcd52cb8..de0a456d30bb0a996301a54b1ab2dbaa22bd9b98 100644 (file)
--- a/sa_common.c
+++ b/sa_common.c
@@ -1605,7 +1605,15 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[],
                 */
                return;
 
-       /* We know now that we have a *compatible* sysstat datafile format */
+       /*
+        * We know now that we have a *compatible* sysstat datafile format
+        * (correct FORMAT_MAGIC value), and in this case, we should have
+        * checked header_size value. Anyway, with a corrupted datafile,
+        * this may not be the case. So check again.
+        */
+       if ((file_magic->header_size <= MIN_FILE_HEADER_SIZE) ||
+           (file_magic->header_size > MAX_FILE_HEADER_SIZE))
+               goto format_error;
 
        /* Allocate buffer for file_header structure */
        SREALLOC(buffer, char, file_magic->header_size);