Added fix from David Vrabel <dvrabel@arcom.co.uk> for a

buffer overrun in find_real_root_device(), fixing bug #1019
 -Erik

diff --git a/utility.c b/utility.c
index 3422d997a6bc669b2fe0b55ae53f0be71ea9e0ee..28e333e6fea456f3b73b683ec764bb986fe486b3 100644 (file)
--- a/utility.c
+++ b/utility.c
@@ -1636,7 +1636,7 @@ extern int find_real_root_device_name(char* name)
                if (strcmp(entry->d_name, "..") == 0)
                        continue;
 
-               sprintf( fileName, "/dev/%s", entry->d_name);
+               snprintf( fileName, strlen(name)+1, "/dev/%s", entry->d_name);
 
                if (stat(fileName, &statBuf) != 0)
                        continue;