From e4e4cc7efbcf9912c370b1d21a4f27f77a3734b0 Mon Sep 17 00:00:00 2001
From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Mon, 1 Nov 1999 17:18:08 +0000
Subject: [PATCH] Fix potential buffer overrun in new saved-session menu

git-svn-id: svn://svn.tartarus.org/sgt/putty@267 cda61777-01e9-0310-a592-d414129be87e
---
 window.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/window.c b/window.c
index 98809aa3..6ca4b48d 100644
--- a/window.c
+++ b/window.c
@@ -627,6 +627,7 @@ static int WINAPI WndProc (HWND hwnd, UINT message,
 	    {
 		char b[2048];
 		char c[30], *cl;
+		int freecl = FALSE;
 		STARTUPINFO si;
 		PROCESS_INFORMATION pi;
 		HANDLE filemap = NULL;
@@ -660,9 +661,12 @@ static int WINAPI WndProc (HWND hwnd, UINT message,
 		    sprintf(c, "putty &%08x", filemap);
 		    cl = c;
 		} else if (wParam == IDM_SAVEDSESS) {
-		    sprintf(c, "putty @%s",
-			    sessions[(lParam - IDM_SAVED_MIN) / 16]);
-		    cl = c;
+		    char *session = sessions[(lParam - IDM_SAVED_MIN) / 16];
+		    cl = malloc(16 + strlen(session)); /* 8, but play safe */
+		    if (!cl)
+			cl = NULL;     /* not a very important failure mode */
+		    sprintf(cl, "putty @%s", session);
+		    freecl = TRUE;
 		} else
 		    cl = NULL;
 
@@ -679,6 +683,8 @@ static int WINAPI WndProc (HWND hwnd, UINT message,
 
 		if (filemap)
 		    CloseHandle(filemap);
+		if (freecl)
+		    free(cl);
 	    }
 	    break;
 	  case IDM_RECONF:
-- 
2.11.0