From 911aae05b5d3ffd2543333e27cf06778381c7b3c Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Sat, 23 May 2009 15:14:45 +0200
Subject: New upstream release 15.7a, fixing CVE-2009-0148

---
 src/vpfopen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/vpfopen.c')

diff --git a/src/vpfopen.c b/src/vpfopen.c
index bffbc20..005a9b0 100644
--- a/src/vpfopen.c
+++ b/src/vpfopen.c
@@ -37,7 +37,7 @@
 #include "vp.h"
 #include "global.h"
 
-static char const rcsid[] = "$Id: vpfopen.c,v 1.3 2001/03/27 14:09:19 broeker Exp $";
+static char const rcsid[] = "$Id: vpfopen.c,v 1.4 2009/04/10 13:39:23 broeker Exp $";
 
 FILE *
 vpfopen(char *filename, char *type)
@@ -53,7 +53,7 @@ vpfopen(char *filename, char *type)
 		) {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], filename);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename);
 			if ((returncode = myfopen(buf, type)) != NULL) {
 				break;
 			}
-- 
cgit v1.2.3-54-g00ecf