From: Iain Patterson <me@iain.cx>
Date: Fri, 15 Nov 2013 11:21:58 +0000 (+0000)
Subject: Prevent buffer overrun in log_event().
X-Git-Tag: v2.18~6
X-Git-Url: http://git.iain.cx/?p=nssm.git;a=commitdiff_plain;h=636b16d3702049145143511c6461ff20bf1f245d

Prevent buffer overrun in log_event().

We were only expecting six message strings but we could possible receive
more.
---

diff --git a/event.cpp b/event.cpp
index 995b7af..32e4acf 100644
--- a/event.cpp
+++ b/event.cpp
@@ -1,6 +1,7 @@
 #include "nssm.h"
 
 #define NSSM_ERROR_BUFSIZE 65535
+#define NSSM_NUM_EVENT_STRINGS 16
 unsigned long tls_index;
 
 /* Convert error code to error string - must call LocalFree() on return value */
@@ -34,7 +35,7 @@ void log_event(unsigned short type, unsigned long id, ...) {
   va_list arg;
   int count;
   char *s;
-  char *strings[6];
+  char *strings[NSSM_NUM_EVENT_STRINGS];
 
   /* Open event log */
   HANDLE handle = RegisterEventSource(0, TEXT(NSSM));
@@ -43,7 +44,8 @@ void log_event(unsigned short type, unsigned long id, ...) {
   /* Log it */
   count = 0;
   va_start(arg, id);
-  while ((s = va_arg(arg, char *))) strings[count++] = s;
+  while ((s = va_arg(arg, char *)) && count < NSSM_NUM_EVENT_STRINGS - 1) strings[count++] = s;
+  strings[count] = 0;
   va_end(arg);
   ReportEvent(handle, type, 0, id, 0, count, 0, (const char **) strings, 0);