New upstream release 15.7a, fixing CVE-2009-014815.7a-1

author: Tobias Klauser <tklauser@distanz.ch> 2009-05-23 15:14:45 +0200
committer: Tobias Klauser <tklauser@distanz.ch> 2009-05-24 12:17:09 +0200
commit: 911aae05b5d3ffd2543333e27cf06778381c7b3c (patch)
tree: 33330b37bf5ede3156f1a7984f1692073223e454 /src/find.c
parent: 04b38c4c173cef3b1b12163f1cf5a9b3cef8cb4a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/find.c b/src/find.c
index f6a6387..89d40ea 100644
--- a/src/find.c
+++ b/src/find.c
@@ -48,7 +48,7 @@
 #endif
 #include <regex.h>
 
-static char const rcsid[] = "$Id: find.c,v 1.20 2006/08/20 19:15:54 broeker Exp $";
+static char const rcsid[] = "$Id: find.c,v 1.21 2009/04/10 13:39:23 broeker Exp $";
 
 /* most of these functions have been optimized so their innermost loops have
  * only one test for the desired character by putting the char and 
@@ -673,7 +673,7 @@ findinit(char *pattern)
 		/* must be an exact match */
 		/* note: regcomp doesn't recognize ^*keypad$ as a syntax error
 		         unless it is given as a single arg */
-		(void) sprintf(buf, "^%s$", s);
+		(void) snprintf(buf, sizeof(buf), "^%s$", s);
 		if (regcomp (&regexp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
 			return(REGCMPERROR);
 		}
author	Tobias Klauser <tklauser@distanz.ch>	2009-05-23 15:14:45 +0200
committer	Tobias Klauser <tklauser@distanz.ch>	2009-05-24 12:17:09 +0200
commit	911aae05b5d3ffd2543333e27cf06778381c7b3c (patch)
tree	33330b37bf5ede3156f1a7984f1692073223e454 /src/find.c
parent	04b38c4c173cef3b1b12163f1cf5a9b3cef8cb4a (diff)