From 911aae05b5d3ffd2543333e27cf06778381c7b3c Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Sat, 23 May 2009 15:14:45 +0200
Subject: New upstream release 15.7a, fixing CVE-2009-0148

---
 src/vpaccess.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/vpaccess.c')

diff --git a/src/vpaccess.c b/src/vpaccess.c
index cb56730..607cee1 100644
--- a/src/vpaccess.c
+++ b/src/vpaccess.c
@@ -30,7 +30,7 @@
  DAMAGE. 
  =========================================================================*/
 
-/* $Id: vpaccess.c,v 1.2 2000/05/03 22:02:10 petr Exp $ */
+/* $Id: vpaccess.c,v 1.3 2009/04/10 13:39:23 broeker Exp $ */
 
 /* vpaccess - view path version of the access system call */
 
@@ -49,7 +49,7 @@ vpaccess(char *path, mode_t amode)
 	if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
 			if ((returncode = access(buf, amode)) != -1) {
 				break;
 			}
-- 
cgit v1.2.3-54-g00ecf