ITS#10421 mdb_load: check for malicious input

2026-02-02 11:59:45 -05:00 · 2026-01-06 20:52:25 +00:00 · 2026-01-06 20:52:25 +00:00 · 46b33d2b45
commit 46b33d2b45
parent 270c543828
1 changed files with 6 additions and 0 deletions
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@ -208,6 +208,12 @@ badend:

 	c1 = buf->mv_data;
 	len = strlen((char *)c1);
+	if (!len) {
+		/* This can only happen with an intentionally invalid input
+		 * with a NUL byte after the leading SPACE
+		 */
+		goto badend;
+	}
 	l2 = len;

 	/* Is buffer too short? */