### Patches a buffer overflow vulnerability in Dillon's cron (v2.2)
### which ships with slackware-3.4
### Patches against /pub/linux/slackware-3.4/source/a/bin/dcron22.tar.gz
### (This patch and others available at ftp.slackware.org in
### /pub/linux/security) I can only take credit for this patch,
### nothing more. Erik Schorr - 971205
--- subs.c.old Mon May 2 08:28:31 1994
+++ subs.c Fri Dec 5 02:16:53 1997
@@ -54,7 +54,7 @@
 char buf[1024];
 va_start(va, ctl);
- vsprintf(buf, ctl, va);
+ vsnprintf(buf, sizeof buf, ctl, va);
 write(fd, buf, strlen(buf));
 va_end(va);
 }
@@ -81,7 +81,7 @@
 buf[0] = 0;
 if (useDate) strftime(buf, 128, "%d-%b-%y %H:%M ", tp);
- vsprintf(buf + strlen(buf), ctl, va);
+ vsnprintf(buf + strlen(buf), sizeof buf, ctl, va);
 return(strlen(buf));
 }
--- crontab.c.old Mon May 2 08:28:00 1994
+++ crontab.c Fri Dec 5 02:14:24 1997
@@ -307,7 +307,7 @@
 if (ChangeUser(user, 1) < 0) exit(0);
- if ((ptr = getenv("VISUAL")) == NULL || strlen(ptr) < 256)
+ if ((ptr = getenv("VISUAL")) == NULL || strlen(ptr) > 256)
 ptr = PATH_VI;
 sprintf(visual, "%s %s", ptr, file);
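Review bot: `sizeof buf` on the added vsnprintf line in the second subs.c hunk (`@@ -81,7 +81,7 @@`) is not the space that remains: the write starts at `buf + strlen(buf)`, after whatever prefix strftime has just placed there, so even if `buf` is an array the bound overshoots by the length of that prefix and the overflow is narrowed rather than closed. If `buf` is instead a pointer parameter, which the hard-coded `128` handed to strftime suggests (its declaration is outside the hunk, so this is inferred), `sizeof buf` is the size of a pointer and the formatted message is cut to a few characters. Contrast the first hunk, where `buf` is the visible local `char buf[1024]` and `sizeof buf` is correct. Derive the bound from the size the caller actually provides, e.g. `size_t len = strlen(buf);` then `if (len < BUF_CAPACITY /* placeholder: real buffer size */) vsnprintf(buf + len, BUF_CAPACITY - len, ctl, va);`, and keep the `return(strlen(buf))` unchanged. The enclosing function begins before the hunk.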
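Review bot: The corrected `strlen(ptr) > 256` gate in the crontab.c hunk bounds only `ptr`; the `sprintf(visual, "%s %s", ptr, file)` on the next line stays unbounded and nothing in the hunk limits `file`, so whether the copy fits still depends on the declaration of `visual` and the origin of `file`, both outside the hunk. For the same reason it cannot be confirmed here whether `> 256` or `>= 256` is the right threshold for this buffer. Since `VISUAL` is read from the invoking user's environment after `ChangeUser`, bounding the write itself is more robust than gating one input: if `visual` is an array, `int n = snprintf(visual, sizeof visual, "%s %s", ptr, file);` followed by `if (n < 0 || (size_t)n >= sizeof visual) { /* too long: fall back to PATH_VI or refuse */ }` covers both operands at once; if it is a pointer, pass its allocated size in place of `sizeof visual`.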