sadc: Fix untrusted value used as argument

Variable file_magic.header_size was used as argument though its value
hadn't been checked before.
Fix this.

CID #29720.

Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>

diff --git a/sadc.c b/sadc.c
index 6d32a1f5f66bf773134d4fd0259e156221ef360c..31fa9ed6f3630c32014108e33e8fac088c45e91a 100644 (file)
--- a/sadc.c
+++ b/sadc.c
@@ -847,7 +847,8 @@ void open_ofile(int *ofd, char ofile[], int restart_mark)
        }
        if ((sz != FILE_MAGIC_SIZE) ||
            (file_magic.sysstat_magic != SYSSTAT_MAGIC) ||
-           (file_magic.format_magic != FORMAT_MAGIC)) {
+           (file_magic.format_magic != FORMAT_MAGIC) ||
+           (file_magic.header_size > MAX_FILE_HEADER_SIZE)) {
                if (FORCE_FILE(flags)) {
                        close(*ofd);
                        /* -F option used: Truncate file */