[CMD] Use string-safe call to build the new console title (possibly truncated, we don't care), avoiding any buffer overflow. Caught by David Quintana.

Hermès Bélusca-Maïto 2018-05-20 19:57:43 +02:00
parent 7b618314c2
commit ddd03a8973
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
2 changed files with 4 additions and 1 deletions


@ -382,7 +382,8 @@ Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
/* Save the original console title and build a new one */
GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle));
bTitleSet = FALSE;
_stprintf(szNewTitle, _T("%s - %s%s"), szWindowTitle, First, Rest);
StringCchPrintf(szNewTitle, ARRAYSIZE(szNewTitle),
_T("%s - %s%s"), szWindowTitle, First, Rest);
ConSetTitle(szNewTitle);
/* check if this is a .BAT or .CMD file */
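Review bot: The return value of `GetConsoleTitle` is still ignored just before the new `StringCchPrintf` call, so if it fails, `%s` may read `szWindowTitle` without it having been written; the bounded write only protects the destination `szNewTitle`. The declaration of `szWindowTitle` is outside this hunk, so whether it is pre-initialised cannot be confirmed here; if it is not, consider `if (!GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle))) szWindowTitle[0] = _T('\0');`. Since truncation is deliberately tolerated, a short comment such as `/* Title is cosmetic: truncation by StringCchPrintf is acceptable */` would tell later readers that the ignored HRESULT is intentional. `Execute` starts before and continues after this hunk.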


@ -25,6 +25,8 @@
#define NTOS_MODE_USER
#include <ndk/rtlfuncs.h>
#include <strsafe.h>
#include <conutils.h>
#include "resource.h"