From: Sebastien GODARD
Date: Sun, 25 Oct 2015 14:13:59 +0000 (+0100)
Subject: sadc: Fix insecure data handling, really
X-Git-Tag: v11.2.0~16
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c99a15a7fd22aa9f2b3398aec64201bdedc7f8fb;p=sysstat

sadc: Fix insecure data handling, really

Commit 7ebfd7e checked upper bounds of values read from a possibly tainted
data file. Add a lower bounds check to really fix the insecure data handling.
CID #29720.

Signed-off-by: Sebastien GODARD

---
diff --git a/sadc.c b/sadc.c index d2e2cdf..160f9c5 100644 --- a/sadc.c +++ b/sadc.c @@ -925,11 +925,11 @@ void open_ofile(int *ofd, char ofile[], int restart_mark) */ goto append_error; - if (!file_act[i].nr || !file_act[i].nr2 || + if ((file_act[i].nr <= 0) || (file_act[i].nr2 <= 0) || (file_act[i].nr > act[p]->nr_max) || (file_act[i].nr2 > NR2_MAX)) { /* - * Number of items and subitems should never be null, + * Number of items and subitems should never be zero (or negative) * or greater than their upper limit. */ goto append_error;
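Review bot: The new lower-bound tests `(file_act[i].nr <= 0) || (file_act[i].nr2 <= 0)` in open_ofile() only reject negative values while `nr` and `nr2` are signed, and the hunk does not show their declarations. If either field were ever changed to an unsigned type, `<= 0` would silently collapse back to the old `!nr` test and a large value would again be caught only by the upper-bound comparison. Please say in the comment that both fields are signed and are read from an untrusted file, or move the four comparisons into one range-check helper so the lower and upper bounds cannot drift apart again, as they did between commit 7ebfd7e and this one. The upper bound for `nr` is `act[p]->nr_max`, so the check is only as strong as that value; it is worth confirming it is always initialized and positive before this point is reached. Minor style point: the reworded comment line lost its trailing comma, so it now reads "zero (or negative) or greater than their upper limit" as one run.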