- if (l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
- free(fname);
- xasprintf(&fname, "%s/%s", dname, ep->d_name);
+ if(l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
+ if((size_t)snprintf(fname, sizeof(fname), "%s/%s", dname, ep->d_name) >= sizeof(fname)) {
+ logger(LOG_ERR, "Pathname too long: %s/%s", dname, ep->d_name);
+ return false;
+ }
+