$OpenBSD: patch-protocols_yahoo_libyahoo2_c,v 1.3 2004/10/21 14:48:51 naddy Exp $
--- protocols/yahoo/libyahoo2.c.orig	Sat Sep 25 21:26:09 2004
+++ protocols/yahoo/libyahoo2.c	Thu Oct 14 15:43:35 2004
@@ -638,7 +638,7 @@ static void yahoo_packet_read(struct yah
 	}
 }
 
-static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data)
+static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data, size_t data_len)
 {
 	YList *l;
 	int pos = 0;
@@ -648,12 +648,12 @@ static void yahoo_packet_write(struct ya
 		unsigned char buf[100];
 
 		snprintf((char *)buf, sizeof(buf), "%d", pair->key);
-		strcpy((char *)data + pos, (char *)buf);
+		strlcpy((char *)data + pos, (char *)buf, data_len - pos);
 		pos += strlen((char *)buf);
 		data[pos++] = 0xc0;
 		data[pos++] = 0x80;
 
-		strcpy((char *)data + pos, pair->value);
+		strlcpy((char *)data + pos, pair->value, data_len - pos);
 		pos += strlen(pair->value);
 		data[pos++] = 0xc0;
 		data[pos++] = 0x80;
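Review bot: The `pos` arithmetic in this loop body can still run past `data_len`. When `strlcpy` truncates, `pos += strlen(...)` advances by the full source length, the separator stores `data[pos++] = 0xc0; data[pos++] = 0x80;` are not bounded at all, and once `pos` exceeds `data_len` the next `data_len - pos` wraps to a very large `size_t`, so the following `strlcpy` is effectively unbounded again. A single check before the first copy keeps `pos <= data_len` on every pass, for example `if (strlen((char *)buf) + strlen(pair->value) + 4 > data_len - pos) return;`. Whether the caller's length always matches what is written here cannot be seen from the hunk, and the function body starts and ends outside it.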
@@ -762,7 +762,7 @@ static void yahoo_send_packet(struct yah
 	pos += yahoo_put32(data + pos, pkt->status);
 	pos += yahoo_put32(data + pos, pkt->id);
 
-	yahoo_packet_write(pkt, data + pos);
+	yahoo_packet_write(pkt, data + pos, len - pos);
 
 	yahoo_packet_dump(data, len);
 	
@@ -1561,8 +1561,10 @@ static void yahoo_process_auth_pre_0x0b(
 	char *crypt_result;
 	unsigned char *password_hash = malloc(25);
 	unsigned char *crypt_hash = malloc(25);
-	unsigned char *hash_string_p = malloc(50 + strlen(sn));
-	unsigned char *hash_string_c = malloc(50 + strlen(sn));
+	size_t p_len = 50 + strlen(sn);
+	size_t c_len = 50 + strlen(sn);
+	unsigned char *hash_string_p = malloc(p_len);
+	unsigned char *hash_string_c = malloc(c_len);
 	
 	char checksum;
 	
@@ -1589,37 +1591,37 @@ static void yahoo_process_auth_pre_0x0b(
 	switch (sv) {
 	case 0:
 		checksum = seed[seed[7] % 16];
-		snprintf((char *)hash_string_p, strlen(sn) + 50,
+		snprintf((char *)hash_string_p, p_len,
 			"%c%s%s%s", checksum, password_hash, yd->user, seed);
-		snprintf((char *)hash_string_c, strlen(sn) + 50,
+		snprintf((char *)hash_string_c, c_len,
 			"%c%s%s%s", checksum, crypt_hash, yd->user, seed);
 		break;
 	case 1:
 		checksum = seed[seed[9] % 16];
-		snprintf((char *)hash_string_p, strlen(sn) + 50,
+		snprintf((char *)hash_string_p, p_len,
 			"%c%s%s%s", checksum, yd->user, seed, password_hash);
-		snprintf((char *)hash_string_c, strlen(sn) + 50,
+		snprintf((char *)hash_string_c, c_len,
 			"%c%s%s%s", checksum, yd->user, seed, crypt_hash);
 		break;
 	case 2:
 		checksum = seed[seed[15] % 16];
-		snprintf((char *)hash_string_p, strlen(sn) + 50,
+		snprintf((char *)hash_string_p, p_len,
 			"%c%s%s%s", checksum, seed, password_hash, yd->user);
-		snprintf((char *)hash_string_c, strlen(sn) + 50,
+		snprintf((char *)hash_string_c, c_len,
 			"%c%s%s%s", checksum, seed, crypt_hash, yd->user);
 		break;
 	case 3:
 		checksum = seed[seed[1] % 16];
-		snprintf((char *)hash_string_p, strlen(sn) + 50,
+		snprintf((char *)hash_string_p, p_len,
 			"%c%s%s%s", checksum, yd->user, password_hash, seed);
-		snprintf((char *)hash_string_c, strlen(sn) + 50,
+		snprintf((char *)hash_string_c, c_len,
 			"%c%s%s%s", checksum, yd->user, crypt_hash, seed);
 		break;
 	case 4:
 		checksum = seed[seed[3] % 16];
-		snprintf((char *)hash_string_p, strlen(sn) + 50,
+		snprintf((char *)hash_string_p, p_len,
 			"%c%s%s%s", checksum, password_hash, seed, yd->user);
-		snprintf((char *)hash_string_c, strlen(sn) + 50,
+		snprintf((char *)hash_string_c, c_len,
 			"%c%s%s%s", checksum, crypt_hash, seed, yd->user);
 		break;
 	}
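Review bot: The index in `seed[seed[7] % 16]`, and the same pattern in cases 1 to 4, can be negative if `seed` is a plain `char` buffer and `char` is signed, because `%` keeps the sign of a negative left operand; that would read before the start of `seed`. The declaration of `seed` is outside the hunk, so this needs confirming, but `checksum = seed[(unsigned char)seed[7] % 16];` removes the question. A check that `seed` holds at least 16 bytes also belongs before the switch. Separately, the `snprintf` results are ignored although `p_len` and `c_len` come from `strlen(sn)` while the output contains `yd->user` and `seed`; a result `>= p_len` means the hash input was cut short and should be treated as an error rather than hashed.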
@@ -1945,29 +1947,29 @@ static void yahoo_process_auth_0x0b(stru
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet1))
 			break;
-		sprintf(byte, "%c", alphabet1[lookup]);
-		strcat(resp_6, byte);
-		strcat(resp_6, "=");
+		snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]);
+		strlcat(resp_6, byte, sizeof(resp_6));
+		strlcat(resp_6, "=",  sizeof(resp_6));
 
 		lookup = (val >> 0x06);
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet2))
 			break;
-		sprintf(byte, "%c", alphabet2[lookup]);
-		strcat(resp_6, byte);
+		snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]);
+		strlcat(resp_6, byte, sizeof(resp_6));
 
 		lookup = (val >> 0x01);
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet2))
 			break;
-		sprintf(byte, "%c", alphabet2[lookup]);
-		strcat(resp_6, byte);
+		snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]);
+		strlcat(resp_6, byte, sizeof(resp_6));
 
 		lookup = (val & 0x01);
 		if (lookup >= strlen(delimit_lookup))
 			break;
-		sprintf(byte, "%c", delimit_lookup[lookup]);
-		strcat(resp_6, byte);
+		snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]);
+		strlcat(resp_6, byte, sizeof(resp_6));
 	}
 
 	/* Our second authentication response is based off 
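Review bot: `sizeof(byte)` and `sizeof(resp_6)` are the buffer sizes only if both are arrays declared in this function; the declarations are outside the hunk, and if either is a pointer the bound becomes the pointer size and the response is silently cut. The `strlcat` results are also ignored, so an overlong response would be truncated and used rather than rejected; testing `strlcat(resp_6, byte, sizeof(resp_6)) >= sizeof(resp_6)` and taking the function's error path makes that visible. Both points apply equally to the `resp_96` loop in the next hunk. As a matter of style, formatting one character with `snprintf(byte, sizeof(byte), "%c", ...)` and then appending it could be a direct store into the response buffer with a tracked length.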
@@ -2036,29 +2038,29 @@ static void yahoo_process_auth_0x0b(stru
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet1))
 			break;
-		sprintf(byte, "%c", alphabet1[lookup]);
-		strcat(resp_96, byte);
-		strcat(resp_96, "=");
+		snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]);
+		strlcat(resp_96, byte, sizeof(resp_96));
+		strlcat(resp_96, "=", sizeof(resp_96));
 
 		lookup = (val >> 0x06);
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet2))
 			break;
-		sprintf(byte, "%c", alphabet2[lookup]);
-		strcat(resp_96, byte);
+		snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]);
+		strlcat(resp_96, byte, sizeof(resp_96));
 
 		lookup = (val >> 0x01);
 		lookup &= 0x1f;
 		if (lookup >= strlen(alphabet2))
 			break;
-		sprintf(byte, "%c", alphabet2[lookup]);
-		strcat(resp_96, byte);
+		snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]);
+		strlcat(resp_96, byte, sizeof(resp_96));
 
 		lookup = (val & 0x01);
 		if (lookup >= strlen(delimit_lookup))
 			break;
-		sprintf(byte, "%c", delimit_lookup[lookup]);
-		strcat(resp_96, byte);
+		snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]);
+		strlcat(resp_96, byte, sizeof(resp_96));
 	}
 
 	pack = yahoo_packet_new(YAHOO_SERVICE_AUTHRESP, yd->initial_status, yd->session_id);
@@ -3079,11 +3081,9 @@ static void yahoo_process_yab_connection
 				if(yab->nname) {
 					bud->real_name = strdup(yab->nname);
 				} else if(yab->fname && yab->lname) {
-					bud->real_name = y_new0(char, 
-							strlen(yab->fname)+
-							strlen(yab->lname)+2
-							);
-					sprintf(bud->real_name, "%s %s",
+					size_t len = strlen(yab->fname) + strlen(yab->lname) + 2;
+					bud->real_name = y_new0(char,  len);
+					snprintf(bud->real_name, len, "%s %s",
 							yab->fname, yab->lname);
 				} else if(yab->fname) {
 					bud->real_name = strdup(yab->fname);
@@ -3682,7 +3682,7 @@ void yahoo_get_yab(int id)
 	yid->yd = yd;
 	yid->type = YAHOO_CONNECTION_YAB;
 
-	snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?ab2=0");
+	snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?ab2=0");
 
 	snprintf(buff, sizeof(buff), "Y=%s; T=%s",
 			yd->cookie_y, yd->cookie_t);
@@ -3709,63 +3709,63 @@ void yahoo_set_yab(int id, struct yab * 
 	yid->type = YAHOO_CONNECTION_YAB;
 	yid->yd = yd;
 
-	strncpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size);
+	strlcpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size);
 
 	if(yab->dbid) {
 		/* change existing yab */
 		char tmp[32];
-		strncat(url, "&ee=1&ow=1&id=", size - strlen(url));
+		strlcat(url, "&ee=1&ow=1&id=", sizeof(url));
 		snprintf(tmp, sizeof(tmp), "%d", yab->dbid);
-		strncat(url, tmp, size - strlen(url));
+		strlcat(url, tmp, sizeof(url));
 	}
 
 	if(yab->fname) {
-		strncat(url, "&fn=", size - strlen(url));
+		strlcat(url, "&fn=", sizeof(url));
 		temp = yahoo_urlencode(yab->fname);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
 	if(yab->lname) {
-		strncat(url, "&ln=", size - strlen(url));
+		strlcat(url, "&ln=", sizeof(url));
 		temp = yahoo_urlencode(yab->lname);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
-	strncat(url, "&yid=", size - strlen(url));
+	strlcat(url, "&yid=", sizeof(url));
 	temp = yahoo_urlencode(yab->id);
-	strncat(url, temp, size - strlen(url));
+	strlcat(url, temp, sizeof(url));
 	free(temp);
 	if(yab->nname) {
-		strncat(url, "&nn=", size - strlen(url));
+		strlcat(url, "&nn=", sizeof(url));
 		temp = yahoo_urlencode(yab->nname);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
 	if(yab->email) {
-		strncat(url, "&e=", size - strlen(url));
+		strlcat(url, "&e=", sizeof(url));
 		temp = yahoo_urlencode(yab->email);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
 	if(yab->hphone) {
-		strncat(url, "&hp=", size - strlen(url));
+		strlcat(url, "&hp=", sizeof(url));
 		temp = yahoo_urlencode(yab->hphone);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
 	if(yab->wphone) {
-		strncat(url, "&wp=", size - strlen(url));
+		strlcat(url, "&wp=", sizeof(url));
 		temp = yahoo_urlencode(yab->wphone);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
 	if(yab->mphone) {
-		strncat(url, "&mp=", size - strlen(url));
+		strlcat(url, "&mp=", sizeof(url));
 		temp = yahoo_urlencode(yab->mphone);
-		strncat(url, temp, size - strlen(url));
+		strlcat(url, temp, sizeof(url));
 		free(temp);
 	}
-	strncat(url, "&pp=0", size - strlen(url));
+	strlcat(url, "&pp=0", sizeof(url));
 
 	snprintf(buff, sizeof(buff), "Y=%s; T=%s",
 			yd->cookie_y, yd->cookie_t);
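Review bot: The first call still passes `size` while every `strlcat` below it passes `sizeof(url)`, so the two bounds can differ; `size` is defined outside the hunk, and using `sizeof(url)` in the `strlcpy` as well would keep them the same. None of the `strlcat` results is checked, so a long name, e-mail or phone value produces a URL cut in the middle of a parameter, possibly inside a percent-escape, which is presumably then submitted as an address-book update. Accumulating the results and refusing to continue when any is `>= sizeof(url)` avoids sending partial data. `temp` from `yahoo_urlencode()` is passed to `strlcat` without a NULL check; whether that function can fail is not visible here.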
@@ -4136,9 +4136,9 @@ void yahoo_get_chatrooms(int id, int cha
 	yid->type = YAHOO_CONNECTION_CHATCAT;
 
 	if (chatroomid == 0) {
-		snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatcat=0");
+		snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatcat=0");
 	} else {
-		snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid);
+		snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid);
 	}
 
 	snprintf(buff, sizeof(buff), "Y=%s; T=%s", yd->cookie_y, yd->cookie_t);
@@ -4373,7 +4373,7 @@ static void yahoo_search_internal(int id
 	while((p = strchr(ctext, ' ')))
 		*p = '+';
 
-	snprintf(url, 1024, "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s",
+	snprintf(url, sizeof(url), "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s",
 			ctext, t, g, photo ? "&.p=y" : "", yahoo_only ? "&.pg=y" : "",
 			startpos ? buff : "");
 
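Review bot: `ctext` is placed in the query string through `%s` after only its spaces have been replaced with `+`, so characters such as `&`, `#` or `%` in the search text would change the structure of the request URL. Unless `ctext` is already encoded before the hunk starts, which is not visible here, it should go through `yahoo_urlencode()` the way the address-book fields in `yahoo_set_yab` do. The `snprintf` result is ignored as well; a value `>= sizeof(url)` means the URL was truncated and the search should not be issued.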
