--- server/misc.c.orig	Wed Nov 27 16:30:30 1996
+++ server/misc.c	Thu Aug  8 13:44:03 2002
@@ -649,12 +649,19 @@
 
     if (client->username && client->username[0]) {
       if (client->groupname && client->groupname[0]) {
+	if (strlen(DDUSER) + strlen(client->username) +
+	    strlen(DDGROUP) + strlen(client->groupname) +
+	    strlen(DDPATH) + 4 >= 256)
+	  return ( -1 );
 	sprintf(dichome, "%s/%s:%s/%s:%s",
 		DDUSER, client->username,
 		DDGROUP, client->groupname,
 		DDPATH);
       }
       else {
+	if (strlen(DDUSER) + strlen(client->username) +
+	    strlen(DDPATH) + 2 >= 256)
+	  return ( -1 );
 	sprintf(dichome, "%s/%s:%s",
 		DDUSER, client->username,
 		DDPATH);
