From ddd03a89736370b0132b955927f4f0bfa8f4c91a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
 <hermes.belusca-maito@reactos.org>
Date: Sun, 20 May 2018 19:57:43 +0200
Subject: [PATCH] [CMD] Use string-safe call to build the new console title
 (possibly truncated, we don't care), avoiding any buffer overflow. Caught by
 David Quintana.

---
 base/shell/cmd/cmd.c     | 3 ++-
 base/shell/cmd/precomp.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/base/shell/cmd/cmd.c b/base/shell/cmd/cmd.c
index bc92e70e6c2..974fd3e6266 100644
--- a/base/shell/cmd/cmd.c
+++ b/base/shell/cmd/cmd.c
@@ -382,7 +382,8 @@ Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
     /* Save the original console title and build a new one */
     GetConsoleTitle(szWindowTitle, ARRAYSIZE(szWindowTitle));
     bTitleSet = FALSE;
-    _stprintf(szNewTitle, _T("%s - %s%s"), szWindowTitle, First, Rest);
+    StringCchPrintf(szNewTitle, ARRAYSIZE(szNewTitle),
+                    _T("%s - %s%s"), szWindowTitle, First, Rest);
     ConSetTitle(szNewTitle);
 
     /* check if this is a .BAT or .CMD file */
diff --git a/base/shell/cmd/precomp.h b/base/shell/cmd/precomp.h
index a8e1418bbe7..7c0e76dc3da 100644
--- a/base/shell/cmd/precomp.h
+++ b/base/shell/cmd/precomp.h
@@ -25,6 +25,8 @@
 #define NTOS_MODE_USER
 #include <ndk/rtlfuncs.h>
 
+#include <strsafe.h>
+
 #include <conutils.h>
 
 #include "resource.h"
-- 
2.17.1