ITS#10421 mdb_load: check for malicious input

2026-02-18 18:18:06 -05:00 · 2026-01-06 20:52:25 +00:00 · 2026-01-06 20:52:25 +00:00 · 8e1fda8553
commit 8e1fda8553
parent 1db2a61ade
1 changed files with 6 additions and 0 deletions
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@ -205,6 +205,12 @@ badend:

 	c1 = buf->mv_data;
 	len = strlen((char *)c1);
+	if (!len) {
+		/* This can only happen with an intentionally invalid input
+		 * with a NUL byte after the leading SPACE
+		 */
+		goto badend;
+	}
 	l2 = len;

 	/* Is buffer too short? */