3 files changed, 18 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 42916a2f..ffa50749 100644
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,12 @@
 				Release Notes:
 
 ------------------------------------------------------------------------------
-fetchmail 4.0.2 ()
+fetchmail 4.0.3 ()
+* Replace vsprintf with vnsprintf to avoid buffer-overrun screws.
+
+There are 257 people on the fetchmail-friends list.
+
+fetchmail 4.0.2 (Mon Jul 17 20:54:30 EDT 1997)
 * Experimental RFC1938 one-time password support using OPIE library,
   courtesy of Craig Metz <cmetz@inner.net> (couthor of RFC1938).
 
diff --git a/driver.c b/driver.c
index c3224b9a..aba38f09 100644
--- a/driver.c
+++ b/driver.c
@@ -1747,7 +1747,11 @@ va_dcl
 #else
     va_start(ap);
 #endif
+#ifdef HAVE_VSNPRINTF
+    vsnprintf(buf + strlen(buf), sizeof(buf), fmt, ap);
+#else
     vsprintf(buf + strlen(buf), fmt, ap);
+#endif
     va_end(ap);
 
     strcat(buf, "\r\n");
@@ -1817,7 +1821,11 @@ va_dcl
 #else
     va_start(ap);
 #endif
+#ifdef HAVE_VSNPRINTF
+    vsnprintf(buf + strlen(buf), sizeof(buf), fmt, ap);
+#else
     vsprintf(buf + strlen(buf), fmt, ap);
+#endif
     va_end(ap);
 
     strcat(buf, "\r\n");
diff --git a/socket.c b/socket.c
index 59c1f64f..7a30e3a8 100644
--- a/socket.c
+++ b/socket.c
@@ -90,7 +90,11 @@ va_dcl {
 #else
     va_start(ap);
 #endif
+#ifdef HAVE_VSNPRINTF
+    vsnprintf(buf, sizeof(buf), format, ap);
+#else
     vsprintf(buf, format, ap);
+#endif
     va_end(ap);
     return SockWrite(sock, buf, strlen(buf));