$OpenBSD: patch-vpnc_c,v 1.3 2008/04/04 21:41:27 okan Exp $
--- vpnc.c.orig	Mon Sep 10 15:39:48 2007
+++ vpnc.c	Wed Sep 12 16:47:27 2007
@@ -159,10 +159,11 @@ static void addenv(const void *name, const char *value
 
 	oldval = getenv(name);
 	if (oldval != NULL) {
-		strbuf = xallocc(strlen(oldval) + 1 + strlen(value) + 1);
-		strcat(strbuf, oldval);
-		strcat(strbuf, " ");
-		strcat(strbuf, value);
+		size_t sz = strlen(oldval) + 1 + strlen(value) + 1;
+		strbuf = xallocc(sz);
+		strlcpy(strbuf, oldval, sz);
+		strlcat(strbuf, " ", sz);
+		strlcat(strbuf, value, sz);
 	}
 
 	setenv(name, strbuf ? strbuf : value, 1);