From 7b136c42f1968310ab2124dc45dbd14ef2214dcf Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 6 Jan 2026 20:52:25 +0000 Subject: [PATCH] ITS#10421 mdb_load: check for malicious input --- libraries/liblmdb/mdb_load.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c index 6d1b5a4328..e6b23406e2 100644 --- a/libraries/liblmdb/mdb_load.c +++ b/libraries/liblmdb/mdb_load.c @@ -218,6 +218,12 @@ badend: c1 = buf->mv_data; len = strlen((char *)c1); + if (!len) { + /* This can only happen with an intentionally invalid input + * with a NUL byte after the leading SPACE + */ + goto badend; + } l2 = len; /* Is buffer too short? */