From 34582d44ac0f1382be4021eb634ade10badaf62d Mon Sep 17 00:00:00 2001
From: Pete Batard <pbatard@gmail.com>
Date: Thu, 19 Aug 2010 16:27:08 +0100
Subject: fixed possible buffer overflow in windows_error_str()

* also added removal of CR/LF
---
 libusb/os/windows_usb.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/libusb/os/windows_usb.c b/libusb/os/windows_usb.c
index 9311dbf..e15d158 100644
--- a/libusb/os/windows_usb.c
+++ b/libusb/os/windows_usb.c
@@ -217,23 +217,28 @@ static char *windows_error_str(uint32_t retval)
 static char err_string[ERR_BUFFER_SIZE];
 
 	DWORD size;
+	size_t i;
 	uint32_t error_code, format_error;
 
 	error_code = retval?retval:GetLastError();
 
 	safe_sprintf(err_string, ERR_BUFFER_SIZE, "[%d] ", error_code);
 
-	size = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error_code,
+	size = FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error_code,
 		MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &err_string[safe_strlen(err_string)],
-		ERR_BUFFER_SIZE, NULL);
-	if (size == 0)
-	{
+		ERR_BUFFER_SIZE - (DWORD)safe_strlen(err_string), NULL);
+	if (size == 0) {
 		format_error = GetLastError();
 		if (format_error)
 			safe_sprintf(err_string, ERR_BUFFER_SIZE,
 				"Windows error code %u (FormatMessage error code %u)", error_code, format_error);
 		else
 			safe_sprintf(err_string, ERR_BUFFER_SIZE, "Unknown error code %u", error_code);
+	} else {
+		// Remove CR/LF terminators
+		for (i=safe_strlen(err_string)-1; ((err_string[i]==0x0A) || (err_string[i]==0x0D)); i--) {
+			err_string[i] = 0;
+		}
 	}
 	return err_string;
 }
-- 
cgit v1.2.1