diff options
| author | jvoisin | 2026-04-24 12:14:01 +0200 |
|---|---|---|
| committer | jvoisin | 2026-04-24 12:14:01 +0200 |
| commit | 314b10154495b91eca684124275407b8186bb762 (patch) | |
| tree | 7338a0d512e2ca3062cb88135473ed783b642a9f /src/sp_upload_validation.c | |
| parent | 36179282f5f52a7e54be34964b4afd4fd0194e4f (diff) | |
Fix an spprintf undefined behaviour
`getenv("REMOTE_ADDR")` can return NULL, and it is passed directly to
`spprintf`. While `spprintf` might handle `NULL` gracefully, it's not always
the case.
Diffstat (limited to 'src/sp_upload_validation.c')
| -rw-r--r-- | src/sp_upload_validation.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index 4ac4992..e24149e 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c | |||
| @@ -54,8 +54,9 @@ static int sp_rfc1867_callback(unsigned int event, void *event_data, void **extr | |||
| 54 | cmd[1] = tmp_name; | 54 | cmd[1] = tmp_name; |
| 55 | cmd[2] = NULL; | 55 | cmd[2] = NULL; |
| 56 | 56 | ||
| 57 | const char *remote_addr = getenv("REMOTE_ADDR"); | ||
| 57 | spprintf(&env[0], 0, "SP_FILENAME=%s", filename); | 58 | spprintf(&env[0], 0, "SP_FILENAME=%s", filename); |
| 58 | spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", getenv("REMOTE_ADDR")); | 59 | spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", remote_addr ? remote_addr : ""); |
| 59 | spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", zend_get_executed_filename(TSRMLS_C)); | 60 | spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", zend_get_executed_filename(TSRMLS_C)); |
| 60 | spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize); | 61 | spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize); |
| 61 | env[4] = NULL; | 62 | env[4] = NULL; |