From 88aa771536014919e955c4f7b2cada9a0dcf8561 Mon Sep 17 00:00:00 2001
From: Luke Dashjr <luke-jr+git@utopios.org>
Date: Sat, 3 Mar 2012 13:51:10 -0500
Subject: Bugfix: Fix possible buffer overflow (#901)

Upstream commit: 21ae37d (partial)
---
 src/util.cpp | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/util.cpp b/src/util.cpp
index e2e104cc88..0f496bc455 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -653,20 +653,25 @@ string MyGetSpecialFolderPath(int nFolder, bool fCreate)
     }
 
     // Backup option
-    pszPath[0] = '\0';
+    std::string strPath;
     {
+        const char *pszEnv;
         if (nFolder == CSIDL_STARTUP)
         {
-            strcpy(pszPath, getenv("USERPROFILE"));
-            strcat(pszPath, "\\Start Menu\\Programs\\Startup");
+            pszEnv = getenv("USERPROFILE");
+            if (pszEnv)
+                strPath = pszEnv;
+            strPath += "\\Start Menu\\Programs\\Startup";
         }
         else if (nFolder == CSIDL_APPDATA)
         {
-            strcpy(pszPath, getenv("APPDATA"));
+            pszEnv = getenv("APPDATA");
+            if (pszEnv)
+                strPath = pszEnv;
         }
     }
 
-    return pszPath;
+    return strPath;
 }
 #endif
 
-- 
cgit v1.2.3