$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
--- vpnc.c.orig	Fri Nov  4 00:09:49 2005
+++ vpnc.c	Fri Nov  4 00:11:03 2005
@@ -196,10 +196,11 @@ static void addenv(const void *name, con
 
 	oldval = getenv(name);
 	if (oldval != NULL) {
-		strbuf = xallocc(strlen(oldval) + 1 + strlen(value) + 1);
-		strcat(strbuf, oldval);
-		strcat(strbuf, " ");
-		strcat(strbuf, value);
+		size_t sz = strlen(oldval) + 1 + strlen(value) + 1;
+		strbuf = xallocc(sz);
+		strlcpy(strbuf, oldval, sz);
+		strlcat(strbuf, " ", sz);
+		strlcat(strbuf, value, sz);
 	}
 
 	setenv(name, strbuf ? strbuf : value, 1);
