pkg://Canna-3.5b2-50.src.rpm:2637951/canna-security.patch  info  downloads

--- canna-3.5b2.orig/server/misc.c
+++ canna-3.5b2/server/misc.c
@@ -649,12 +649,22 @@
 
     if (client->username && client->username[0]) {
       if (client->groupname && client->groupname[0]) {
+	if (strlen(DDUSER) + strlen(client->username) +
+	    strlen(DDGROUP) + strlen(client->groupname) +
+	    strlen(DDPATH) + 4 >= 256) {
+	  return(-1);
+	}
+
 	sprintf(dichome, "%s/%s:%s/%s:%s",
 		DDUSER, client->username,
 		DDGROUP, client->groupname,
 		DDPATH);
       }
       else {
+        if (strlen(DDUSER) + strlen(client->username) +
+	    strlen(DDPATH) + 2 >= 256) {
+	  return(-1);
+	}
 	sprintf(dichome, "%s/%s:%s",
 		DDUSER, client->username,
 		DDPATH);