From: Iain Patterson Date: Mon, 6 Mar 2017 11:48:18 +0000 (+0000) Subject: Fixed buffer overflow in GUI browse(). X-Git-Url: http://git.iain.cx/?a=commitdiff_plain;ds=inline;h=54731dd901abc11fb2baa36fbe3c41e9e8ec548b;p=nssm.git Fixed buffer overflow in GUI browse(). Thanks Connor Reynolds. --- diff --git a/README.txt b/README.txt index e6d3d50..eaecac2 100644 --- a/README.txt +++ b/README.txt @@ -1043,6 +1043,7 @@ Thanks to Nicolas Ducrocq for suggesting timestamping redirected output. Thanks to Meang Akira Tanaka for suggestion and initial implementation of the statuscode command. Thanks to Kirill Kovalenko for reporting a crash with NANO server. +Thanks to Connor Reynolds for spotting a potential buffer overflow. Licence ------- diff --git a/gui.cpp b/gui.cpp index 9c4d712..5aaa932 100644 --- a/gui.cpp +++ b/gui.cpp @@ -924,7 +924,7 @@ void browse(HWND window, TCHAR *current, unsigned long flags, ...) { va_start(arg, flags); while (i = va_arg(arg, int)) { TCHAR *localised = message_string(i); - _sntprintf_s((TCHAR *) ofn.lpstrFilter + len, bufsize, _TRUNCATE, localised); + _sntprintf_s((TCHAR *) ofn.lpstrFilter + len, bufsize - len, _TRUNCATE, localised); len += _tcslen(localised) + 1; LocalFree(localised); TCHAR *filter = browse_filter(i);
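Review bot: In the gui.cpp hunk, `len += _tcslen(localised) + 1` still advances by the full length of `localised` even when `_sntprintf_s(..., _TRUNCATE, ...)` has truncated the write, so after one truncation `len` can exceed `bufsize`, and on the next loop iteration both the destination `ofn.lpstrFilter + len` and the size `bufsize - len` are wrong (the subtraction goes negative, or wraps to a very large count if the operands are unsigned; their types are not visible in the hunk). Suggest checking the return value of `_sntprintf_s`, which is -1 on truncation, and leaving the loop when it truncates or when `len >= bufsize`, rather than relying on the subtraction alone. Separately, on the same changed line `localised` is passed as the format argument; if a localised message ever contains a `%` the call will interpret it, so `_T("%s"), localised` would be the safer form. It is also worth confirming that `bufsize` counts TCHARs rather than bytes, since that is the unit `_sntprintf_s` expects for its size argument. The line after `TCHAR *filter = browse_filter(i);` is outside the visible context; if it writes into `ofn.lpstrFilter + len` in the same way, it needs the same `bufsize - len` bound.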