Fixed buffer overflow in GUI browse().

author Iain Patterson <me@iain.cx>

Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)

committer Iain Patterson <me@iain.cx>

Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)
author Iain Patterson <me@iain.cx>
Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)
committer Iain Patterson <me@iain.cx>
Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)
diff --git a/README.txt b/README.txt

index e6d3d50..eaecac2 100644 (file)
--- a/README.txt
+++ b/README.txt
@@ -1043,6 +1043,7 @@ Thanks to Nicolas Ducrocq for suggesting timestamping redirected output.
  Thanks to Meang Akira Tanaka for suggestion and initial implementation of\r
  the statuscode command.\r
  Thanks to Kirill Kovalenko for reporting a crash with NANO server.\r
+Thanks to Connor Reynolds for spotting a potential buffer overflow.\r
  \r
  Licence\r
  -------\r
diff --git a/gui.cpp b/gui.cpp

index 9c4d712..5aaa932 100644 (file)
--- a/gui.cpp
+++ b/gui.cpp
@@ -924,7 +924,7 @@ void browse(HWND window, TCHAR *current, unsigned long flags, ...) {
      va_start(arg, flags);\r
      while (i = va_arg(arg, int)) {\r
        TCHAR *localised = message_string(i);\r
-      _sntprintf_s((TCHAR *) ofn.lpstrFilter + len, bufsize, _TRUNCATE, localised);\r
+      _sntprintf_s((TCHAR *) ofn.lpstrFilter + len, bufsize - len, _TRUNCATE, localised);\r
        len += _tcslen(localised) + 1;\r
        LocalFree(localised);\r
        TCHAR *filter = browse_filter(i);\r
author	Iain Patterson <me@iain.cx>
	Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)
committer	Iain Patterson <me@iain.cx>
	Mon, 6 Mar 2017 11:48:18 +0000 (11:48 +0000)
README.txt		patch \| blob \| history
gui.cpp		patch \| blob \| history