]> git.ipfire.org Git - thirdparty/openldap.git/commitdiff
projects / thirdparty / openldap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ba07ad)
ITS#10421 mdb_load: check for malicious input
authorHoward Chu <hyc@openldap.org>
Tue, 6 Jan 2026 20:52:25 +0000 (20:52 +0000)
committerHoward Chu <hyc@openldap.org>
Tue, 6 Jan 2026 20:53:01 +0000 (20:53 +0000)
libraries/liblmdb/mdb_load.c patch | blob | blame | history

diff --git a/libraries/liblmdb/mdb_load.c b/libraries/liblmdb/mdb_load.c
index 6d1b5a4328b18693b5ba682846710bf2aa646299..e6b23406e26a0334993ffe692dde30420f652067 100644 (file)
--- a/libraries/liblmdb/mdb_load.c
+++ b/libraries/liblmdb/mdb_load.c
@@ -218,6 +218,12 @@ badend:
 
        c1 = buf->mv_data;
        len = strlen((char *)c1);
+       if (!len) {
+               /* This can only happen with an intentionally invalid input
+                * with a NUL byte after the leading SPACE
+                */
+               goto badend;
+       }
        l2 = len;
 
        /* Is buffer too short? */
Mirror of https://git.openldap.org/openldap/openldap.git