From e016103fa25167594b9ff5d410019f114b7a36fb Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Sat, 23 May 2009 15:14:45 +0200
Subject: New upstream release 15.7a, fixing CVE-2009-0148

---
 src/vpopen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/vpopen.c')

diff --git a/src/vpopen.c b/src/vpopen.c
index 777f168..8812dba 100644
--- a/src/vpopen.c
+++ b/src/vpopen.c
@@ -39,7 +39,7 @@
 
 #define OPENFLAG_READ	0
 
-static char const rcsid[] = "$Id: vpopen.c,v 1.4 2002/07/28 15:40:07 broeker Exp $";
+static char const rcsid[] = "$Id: vpopen.c,v 1.5 2009/04/10 13:39:23 broeker Exp $";
 
 int
 vpopen(char *path, int oflag)
@@ -52,7 +52,7 @@ vpopen(char *path, int oflag)
 	    oflag == OPENFLAG_READ) {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
 			if ((returncode = myopen(buf, oflag, 0666)) != -1) {
 				break;
 			}
-- 
cgit v1.2.3-54-g00ecf