]> git.ipfire.org Git - thirdparty/openldap.git/commitdiff
projects / thirdparty / openldap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 270c543)
ITS#10421 mdb_load: check for malicious input
authorHoward Chu <hyc@openldap.org>
Tue, 6 Jan 2026 20:52:25 +0000 (20:52 +0000)
committerHoward Chu <hyc@openldap.org>
Tue, 6 Jan 2026 20:53:08 +0000 (20:53 +0000)
libraries/liblmdb/mdb_load.c patch | blob | blame | history

diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c
index d266b4f6e198d078854733a5a9ab1937a122ee70..4e9dbcbabf0c4786a618b201199b090eec2a12e5 100644 (file)
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@@ -208,6 +208,12 @@ badend:
 
        c1 = buf->mv_data;
        len = strlen((char *)c1);
+       if (!len) {
+               /* This can only happen with an intentionally invalid input
+                * with a NUL byte after the leading SPACE
+                */
+               goto badend;
+       }
        l2 = len;
 
        /* Is buffer too short? */
Mirror of https://git.openldap.org/openldap/openldap.git