Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-15 17:11:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CMD] Use string-safe call to build the new console title (possibly truncated, we don't care), avoiding any buffer overflow. Caught by David Quintana.

Browse source
This commit is contained in:
Hermès Bélusca-Maïto 2018-05-20 19:57:43 +02:00
parent 7b618314c2
commit ddd03a8973
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
base/shell/cmd/cmd.c
View file

@ -382,7 +382,8 @@ Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
/* Save the original console title and build a new one */
GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle));
bTitleSet = FALSE;
_stprintf(szNewTitle, _T("%s - %s%s"), szWindowTitle, First, Rest);
StringCchPrintf(szNewTitle, ARRAYSIZE(szNewTitle),
_T("%s - %s%s"), szWindowTitle, First, Rest);
ConSetTitle(szNewTitle);
/* check if this is a .BAT or .CMD file */

2
base/shell/cmd/precomp.h
View file

@ -25,6 +25,8 @@
#define NTOS_MODE_USER
#include <ndk/rtlfuncs.h>
#include <strsafe.h>
#include <conutils.h>
#include "resource.h"