From 2d88a7d5250475be658b011015f252b57ca02f82 Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 27 Dec 2010 05:54:28 -0500 Subject: [PATCH] Fix buffer overflow in mindist. --- Src/utils.c | 11 +++++++++-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Src/utils.c b/Src/utils.c index b64530b..513bc7e 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -3665,14 +3665,21 @@ static int mindist(char *dir, char *mindistguess, char *mindistbest) { int mindistd, nd; + int len; DIR *dd; char *fn; - char buf[PATH_MAX]; + char buf[PATH_MAX + 1]; if (dir[0] == '\0') dir = "."; mindistd = 100; - sprintf(buf, "%s/%s", dir, mindistguess); + + /* input was too long and result got truncated */ + len = snprintf(buf, sizeof(buf), "%s/%s", dir, mindistguess); + if (len >= sizeof(buf) || len < 0) { + return mindistd; + } + if (access(unmeta(buf), F_OK) == 0) { strcpy(mindistbest, mindistguess); return 0; -- 1.7.3.4
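Review bot: The `strcpy(mindistbest, mindistguess)` that follows the new length check is still an unbounded copy, so this fix bounds `buf` but not the destination buffer the caller passes in. mindist() receives no size for `mindistbest`, and whether the caller's buffer is large enough is not visible in this hunk. I would at least state the contract at the copy, e.g. `/* caller guarantees mindistbest can hold strlen(mindistguess) + 1 bytes */`, or preferably pass the destination size and reject oversized guesses the same way the new snprintf() check does. Separately, `len >= sizeof(buf)` compares an int with a size_t and catches a negative return only through the implicit conversion; `if (len < 0 || (size_t)len >= sizeof(buf)) {` makes both cases explicit. The function body continues past the end of the hunk.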