===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/cvs/update.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- src/usr.bin/cvs/update.c	2005/04/12 14:58:40	1.21
+++ src/usr.bin/cvs/update.c	2005/04/16 20:31:18	1.22
@@ -1,4 +1,4 @@
-/*	$OpenBSD: update.c,v 1.21 2005/04/12 14:58:40 joris Exp $	*/
+/*	$OpenBSD: update.c,v 1.22 2005/04/16 20:31:18 xsa Exp $	*/
 /*
  * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
  * All rights reserved.
@@ -99,7 +99,7 @@
 int
 cvs_update_file(CVSFILE *cf, void *arg)
 {
-	int ret;
+	int ret, l;
 	char *fname, *repo, fpath[MAXPATHLEN], rcspath[MAXPATHLEN];
 	RCSFILE *rf;
 	struct cvsroot *root;
@@ -154,8 +154,15 @@
 			return (0);
 		}
 
-		snprintf(rcspath, sizeof(rcspath), "%s/%s/%s%s",
+		l = snprintf(rcspath, sizeof(rcspath), "%s/%s/%s%s",
 		    root->cr_dir, repo, fname, RCS_FILE_EXT);
+		if (l == -1 || l >= (int)sizeof(rcspath)) {
+			errno = ENAMETOOLONG;
+			cvs_log(LP_ERRNO, "%s", rcspath);
+
+			cvs_ent_free(entp);
+			return (-1);
+		}
 
 		rf = rcs_open(rcspath, RCS_READ);
 		if (rf == NULL) {