File CVE-2025-27151.patch of Package redis.38940

From 643b5db235cb82508e72f11c7b4bbfc7dc39be56 Mon Sep 17 00:00:00 2001
From: YaacovHazan <yaacov.hazan@redis.com>
Date: Tue, 27 May 2025 10:23:27 +0300
Subject: [PATCH] Check length of AOF file name in redis-check-aof
 (CVE-2025-27151)

Ensure that the length of the input file name does not exceed PATH_MAX
---
 src/redis-check-aof.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c
index 56298387e26..f7cdbbc69ae 100644
--- a/src/redis-check-aof.c
+++ b/src/redis-check-aof.c
@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) {
         goto invalid_args;
     }
 
+    /* Check if filepath is longer than PATH_MAX */
+    if (strlen(filepath) > PATH_MAX) {
+        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
+        goto invalid_args;
+    }
+
     /* In the glibc implementation dirname may modify their argument. */
     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
     dirpath = dirname(temp_filepath);
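Review bot: The added guard `strlen(filepath) > PATH_MAX` still accepts a name of exactly PATH_MAX bytes, and the memcpy two lines below then writes PATH_MAX + 1 bytes into temp_filepath. The check is therefore only sufficient if temp_filepath is declared with at least PATH_MAX + 1 bytes; that declaration is outside this hunk and should be confirmed. Tying the limit to the destination, `if (strlen(filepath) >= sizeof(temp_filepath)) {`, keeps the bound correct even if the buffer size changes later, assuming temp_filepath is a local array and not a pointer. The body of redis_check_aof_main starts and ends outside the hunk.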