From 84300ccbd6598ea4e0cde6a97c0bb22a11eb953c Mon Sep 17 00:00:00 2001
From: Sebastien GODARD
Date: Sun, 11 Feb 2018 11:43:20 +0100
Subject: [PATCH] sar/sadf: Add checks on file's header size read from file
sa_open_read_magic() reads file's magic structure and in particular the size of the header structure to come. header_size field in file_magic structure exists only with versions 10.3.1 and later. So checking bounds for header_size is done only for those versions, based on the values of sysstat_version and sysstat_patchlevel. With a corrupted datafile (i.e. a file having the right FORMAT_MAGIC value but values corresponding to older sysstat versions in sysstat_version and sysstat_patchlevel), the test is not done. So do it again in check_file_actlst() function.
Signed-off-by: Sebastien GODARD
---
 sa_common.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/sa_common.c b/sa_common.c
index 566c242..de0a456 100644
--- a/sa_common.c
+++ b/sa_common.c
@@ -1605,7 +1605,15 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[],
 */
 return;
- /* We know now that we have a *compatible* sysstat datafile format */
+ /*
+ * We know now that we have a *compatible* sysstat datafile format
+ * (correct FORMAT_MAGIC value), and in this case, we should have
+ * checked header_size value. Anyway, with a corrupted datafile,
+ * this may not be the case. So check again.
+ */
+ if ((file_magic->header_size <= MIN_FILE_HEADER_SIZE) ||
+ (file_magic->header_size > MAX_FILE_HEADER_SIZE))
+ goto format_error;
 /* Allocate buffer for file_header structure */
 SREALLOC(buffer, char, file_magic->header_size);
--
2.40.0
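Review bot: The comment added above the `header_size` test in check_file_actlst() does not say why the earlier check can be missed, which is the security-relevant part. Per the commit message, sa_open_read_magic() range-checks header_size only when the file's own sysstat_version/sysstat_patchlevel fields claim 10.3.1 or later, and those fields come from the same untrusted file. I would state that in the comment, e.g. `/* sa_open_read_magic() range-checks header_size only when the file's version fields claim 10.3.1+; those fields are untrusted, so check unconditionally here. */`. Since the same range test now presumably exists in two places, a small shared helper would keep the two copies from diverging. The `format_error` label and the rest of the function lie outside the hunk, so it is worth confirming that the error path behaves correctly when `buffer` has not yet been sized by the `SREALLOC` that follows.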