$OpenBSD: patch-src_cfrun_c,v 1.2 2004/10/01 21:22:15 sturm Exp $
--- src/cfrun.c.orig	Mon Aug  2 21:46:03 2004
+++ src/cfrun.c	Fri Oct  1 23:17:38 2004
@@ -245,23 +245,23 @@ if (uname(&VSYSNAME) == -1)
 
 if ((strlen(VDOMAIN) > 0) && !strchr(VSYSNAME.nodename,'.'))
    {
-   sprintf(VFQNAME,"%s.%s",VSYSNAME.nodename,VDOMAIN);
+   (void)snprintf(VFQNAME,CF_MAXVARSIZE,"%s.%s",VSYSNAME.nodename,VDOMAIN);
    }
 else
    {
-   sprintf(VFQNAME,"%s",VSYSNAME.nodename);
+   (void)snprintf(VFQNAME,CF_MAXVARSIZE,"%s",VSYSNAME.nodename);
    }   
 */
  
 Debug("FQNAME = %s\n",VFQNAME);
  
-sprintf(VPREFIX,"cfrun:%s",VFQNAME);
+(void)snprintf(VPREFIX,40,"cfrun:%s",VFQNAME);
  
 /* Read hosts file */
 
 umask(077);
-strcpy(VLOCKDIR,WORKDIR);
-strcpy(VLOGDIR,WORKDIR); 
+(void)strlcpy(VLOCKDIR,WORKDIR,CF_BUFSIZE);
+(void)strlcpy(VLOGDIR,WORKDIR,CF_BUFSIZE); 
 
 OpenSSL_add_all_algorithms();
 ERR_load_crypto_strings();
@@ -294,7 +294,7 @@ CONN = NewAgentConn();
 
 if (storeinfile)
    {
-   sprintf(filebuffer, "%s/%s", OUTPUTDIR, host);
+   (void)snprintf(filebuffer, sizeof(filebuffer), "%s/%s", OUTPUTDIR, host);
    if ((fp = fopen(filebuffer, "w")) == NULL)
       {
       return false;
@@ -564,10 +564,10 @@ if (!strchr(VCFRUNHOSTS, '/'))
    {
    if ((sp=getenv(CF_INPUTSVAR)) != NULL)
       {
-      strcpy(filename,sp);
+      (void)strlcpy(filename,sp,sizeof(filename));
       if (filename[strlen(filename)-1] != '/')
          {
-         strcat(filename,"/");
+         (void)strlcat(filename,"/",sizeof(filename));
          }
       }
    else
@@ -576,7 +576,7 @@ if (!strchr(VCFRUNHOSTS, '/'))
       }
    }
  
-strcat(filename,VCFRUNHOSTS);
+(void)strlcat(filename,VCFRUNHOSTS,sizeof(filename));
 
 if ((fp = fopen(filename,"r")) == NULL)      /* Open root file */
    {
@@ -601,7 +601,7 @@ while (!feof(fp))
 
    if (strncmp(line,"hostnamekeys",6) == 0)
       {
-      char buf[16];
+      char buf[296];
       buf[0] = '\0';
       sscanf(line,"hostnamekeys = %295[^# \n]",buf);
       Verbose("Hostname keys\n");
@@ -703,8 +703,8 @@ while (!feof(fp))
 
    if ((!strstr(buffer,".")) && (strlen(VDOMAIN) > 0))
       {
-      strcat(buffer,".");
-      strcat(buffer,VDOMAIN);
+      (void)strlcat(buffer,".",sizeof(buffer));
+      (void)strlcat(buffer,VDOMAIN,sizeof(buffer));
       }
       
    if (!IsItemIn(VCFRUNHOSTLIST,buffer))
@@ -762,8 +762,8 @@ for (ip = VCFRUNCLASSES; ip != NULL; ip 
       memset(sendbuffer,0,CF_BUFSIZE);
       }
    
-   strcat(sendbuffer,ip->name);
-   strcat(sendbuffer," ");
+   (void)strlcat(sendbuffer,ip->name,CF_BUFSIZE);
+   (void)strlcat(sendbuffer," ",CF_BUFSIZE);
 
    sp += strlen(ip->name)+1;
    used += strlen(ip->name)+1;
@@ -782,7 +782,7 @@ if (used + strlen(CFD_TERMINATOR) +2 > C
    memset(sendbuffer,0,CF_BUFSIZE);
    }
    
-sprintf(sp, "%s", CFD_TERMINATOR);
+(void)snprintf(sp, CF_BUFSIZE, "%s", CFD_TERMINATOR);
 
 if (SendTransaction(sd,sendbuffer,0,CF_DONE) == -1)
    {
