commit ddd03a89736370b0132b955927f4f0bfa8f4c91a
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Sun May 20 19:57:43 2018 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Sun May 20 19:57:43 2018 +0200
[CMD] Use string-safe call to build the new console title (possibly truncated, we
don't care), avoiding any buffer overflow. Caught by David Quintana.
---
base/shell/cmd/cmd.c | 3 ++-
base/shell/cmd/precomp.h | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/base/shell/cmd/cmd.c b/base/shell/cmd/cmd.c
index bc92e70e6c..974fd3e626 100644
--- a/base/shell/cmd/cmd.c
+++ b/base/shell/cmd/cmd.c
@@ -382,7 +382,8 @@ Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
/* Save the original console title and build a new one */
GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle));
bTitleSet = FALSE;
- _stprintf(szNewTitle, _T("%s - %s%s"), szWindowTitle, First, Rest);
+ StringCchPrintf(szNewTitle, ARRAYSIZE(szNewTitle),
+ _T("%s - %s%s"), szWindowTitle, First, Rest);
ConSetTitle(szNewTitle);
/* check if this is a .BAT or .CMD file */
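Review bot: The new StringCchPrintf call still formats szWindowTitle with %s even when the GetConsoleTitle call just above it fails, in which case nothing guarantees the buffer holds a terminated string and the new title is built from indeterminate data; the overflow is fixed, but the read side is not. Guard it with `if (!GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle))) szWindowTitle[0] = _T('\0');` so the format always sees an empty string on failure. ARRAYSIZE(szNewTitle) is only a correct cchDest if szNewTitle is declared as a TCHAR array rather than a pointer; its declaration is outside the hunk, so that is worth confirming. Since the HRESULT is deliberately discarded, a short comment such as `/* STRSAFE_E_INSUFFICIENT_BUFFER is acceptable: a truncated title is still terminated */` would record that intent for the next reader. Execute's body begins and ends outside this hunk.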
diff --git a/base/shell/cmd/precomp.h b/base/shell/cmd/precomp.h
index a8e1418bbe..7c0e76dc3d 100644
--- a/base/shell/cmd/precomp.h
+++ b/base/shell/cmd/precomp.h
@@ -25,6 +25,8 @@
#define NTOS_MODE_USER
#include <ndk/rtlfuncs.h>
+#include <strsafe.h>
+
#include <conutils.h>
#include "resource.h"