diff --git a/CHANGELOG b/CHANGELOG
index 90817f1..ef9756d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,10 @@ version 2.91
 	which is clearly rare in the wild, but if it did exist it could provoke a SIGSEV. Thanks to Daniel Rhea for fuzzing this one.
+	Fix buffer overflow when configured lease-change script name
+	is too long.
+	Thanks to Daniel Rhea for finding this one.
+
 version 2.90
 	Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible
diff --git a/src/lease.c b/src/lease.c
index 55e8443..a133021 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -150,6 +150,10 @@ void lease_init(time_t now)
 #ifdef HAVE_SCRIPT
   if (daemon->lease_change_command)
     {
+      /* 6 == strlen(" init") plus terminator */
+      if (strlen(daemon->lease_change_command) + 6 > DHCP_BUFF_SZ)
+        die(_("lease-change script name is too long"), NULL, EC_FILE);
+
       strcpy(daemon->dhcp_buff, daemon->lease_change_command);
       strcat(daemon->dhcp_buff, " init");
       leasestream = popen(daemon->dhcp_buff, "r");
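Review bot: The bound in the added check in src/lease.c is correct (strlen plus the 5-byte suffix plus the terminator must fit in DHCP_BUFF_SZ), but the magic constant 6 is coupled only by a comment to the `" init"` literal passed to strcat two lines below, so a later edit to the suffix silently re-opens the overflow this commit closes. A bounded write that carries its own truncation check removes the strcpy/strcat pair and the separate arithmetic: `if (snprintf(daemon->dhcp_buff, DHCP_BUFF_SZ, "%s init", daemon->lease_change_command) >= DHCP_BUFF_SZ)` followed by the same `die(...)` call, assuming dhcp_buff is DHCP_BUFF_SZ bytes, which the added check already presumes. If the strcpy/strcat form is to stay, `strlen(daemon->lease_change_command) + sizeof(" init") > DHCP_BUFF_SZ` expresses the same bound without needing the comment, since sizeof of the literal includes the terminator. As far as these lines show, the check runs before any write into dhcp_buff, so the overflow path is gone; lease_init continues outside the hunk.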