Incorporate Redis CVE for CVE-2025-27151 (valkey-io#2146)

Resolves valkey-io#2145

Incorporate the CVE patch that was sent to us by Redis Ltd.

---------

Signed-off-by: Madelyn Olson <[email protected]>
Co-authored-by: Ping Xie <[email protected]>
(cherry picked from commit 73696bf)
Signed-off-by: Viktor Söderqvist <[email protected]>

Author: 2 people

src/valkey-check-aof.c

@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) {
         goto invalid_args;
     }
 
+    /* Check if filepath is longer than PATH_MAX */
+    if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) {
+        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
+        goto invalid_args;
+    }
+
     /* In the glibc implementation dirname may modify their argument. */
     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
     dirpath = dirname(temp_filepath);