01/01: [CMD] Use string-safe call to build the new console title (possibly truncated, we don't care), avoiding any buffer overflow. Caught by David Quintana. - Ros-diffs

20 May 2018

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ddd03a89736370b0132b95...
commit ddd03a89736370b0132b955927f4f0bfa8f4c91a
Author:     Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org
AuthorDate: Sun May 20 19:57:43 2018 +0200
Commit:     Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org
CommitDate: Sun May 20 19:57:43 2018 +0200
[CMD] Use string-safe call to build the new console title (possibly truncated, we don't care), avoiding any buffer overflow. Caught by David Quintana.
---
 base/shell/cmd/cmd.c     | 3 ++-
 base/shell/cmd/precomp.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/base/shell/cmd/cmd.c b/base/shell/cmd/cmd.c
index bc92e70e6c..974fd3e626 100644
--- a/base/shell/cmd/cmd.c
+++ b/base/shell/cmd/cmd.c
@@ -382,7 +382,8 @@ Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
     /* Save the original console title and build a new one */
     GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle));
     bTitleSet = FALSE;
-    _stprintf(szNewTitle, _T("%s - %s%s"), szWindowTitle, First, Rest);
+    StringCchPrintf(szNewTitle, ARRAYSIZE(szNewTitle),
+                    _T("%s - %s%s"), szWindowTitle, First, Rest);
     ConSetTitle(szNewTitle);
/* check if this is a .BAT or .CMD file */
diff --git a/base/shell/cmd/precomp.h b/base/shell/cmd/precomp.h
index a8e1418bbe..7c0e76dc3d 100644
--- a/base/shell/cmd/precomp.h
+++ b/base/shell/cmd/precomp.h
@@ -25,6 +25,8 @@
 #define NTOS_MODE_USER
 #include <ndk/rtlfuncs.h>
+#include <strsafe.h>
+
 #include <conutils.h>
#include "resource.h"

    