From 636b16d3702049145143511c6461ff20bf1f245d Mon Sep 17 00:00:00 2001
From: Iain Patterson <me@iain.cx>
Date: Fri, 15 Nov 2013 11:21:58 +0000
Subject: [PATCH] Prevent buffer overrun in log_event().

We were only expecting six message strings but we could possible receive
more.
---
 event.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/event.cpp b/event.cpp
index 995b7af..32e4acf 100644
--- a/event.cpp
+++ b/event.cpp
@@ -1,6 +1,7 @@
 #include "nssm.h"
 
 #define NSSM_ERROR_BUFSIZE 65535
+#define NSSM_NUM_EVENT_STRINGS 16
 unsigned long tls_index;
 
 /* Convert error code to error string - must call LocalFree() on return value */
@@ -34,7 +35,7 @@ void log_event(unsigned short type, unsigned long id, ...) {
   va_list arg;
   int count;
   char *s;
-  char *strings[6];
+  char *strings[NSSM_NUM_EVENT_STRINGS];
 
   /* Open event log */
   HANDLE handle = RegisterEventSource(0, TEXT(NSSM));
@@ -43,7 +44,8 @@ void log_event(unsigned short type, unsigned long id, ...) {
   /* Log it */
   count = 0;
   va_start(arg, id);
-  while ((s = va_arg(arg, char *))) strings[count++] = s;
+  while ((s = va_arg(arg, char *)) && count < NSSM_NUM_EVENT_STRINGS - 1) strings[count++] = s;
+  strings[count] = 0;
   va_end(arg);
   ReportEvent(handle, type, 0, id, 0, count, 0, (const char **) strings, 0);
 
-- 
2.20.1