From d0eeee6e31f0fefb510007a8cfdf5dce729a8be9 Mon Sep 17 00:00:00 2001
From: YaacovHazan
Date: Tue, 27 May 2025 10:23:27 +0300
Subject: [PATCH] Check length of AOF file name in redis-check-aof (CVE-2025-27151)

Ensure that the length of the input file name does not exceed PATH_MAX
---
 src/redis-check-aof.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c
index e28126df6..5b3ee2a48 100644
--- a/src/redis-check-aof.c
+++ b/src/redis-check-aof.c
@@ -547,6 +547,12 @@ int redis_check_aof_main(int argc, char **argv) {
 goto invalid_args;
 }
 
+ /* Check if filepath is longer than PATH_MAX */
+ if (strlen(filepath) > PATH_MAX) {
+ printf("Error: filepath is too long (exceeds PATH_MAX)\n");
+ goto invalid_args;
+ }
+
 /* In the glibc implementation dirname may modify their argument. */
 memcpy(temp_filepath, filepath, strlen(filepath) + 1);
 dirpath = dirname(temp_filepath);
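Review bot: The added guard `strlen(filepath) > PATH_MAX` still accepts a name of exactly PATH_MAX bytes, and the `memcpy` a few lines below then writes `strlen(filepath) + 1` bytes, i.e. PATH_MAX + 1, into `temp_filepath`. That is only safe if `temp_filepath` is declared with at least PATH_MAX + 1 bytes; its declaration is outside this hunk, so the bound cannot be confirmed from here. Tying the check to the destination buffer keeps it correct however the buffer is sized: `if (strlen(filepath) >= sizeof(temp_filepath)) {` (assuming `temp_filepath` is an array rather than a pointer). A short comment stating that the limit protects the `memcpy` into `temp_filepath` would also help, since the current comment names only PATH_MAX. `redis_check_aof_main` begins and ends outside the hunk.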