$OpenBSD: patch-src_cfenvd_c,v 1.5 2005/10/27 21:47:28 sturm Exp $
--- src/cfenvd.c.orig	Fri Jul 15 11:16:04 2005
+++ src/cfenvd.c	Fri Oct 21 16:35:54 2005
@@ -187,10 +187,10 @@ void CheckOptsAndInit(int argc,char **ar
  int c, i,j,k;
 
 umask(077);
-sprintf(VPREFIX,"cfenvd"); 
+(void)snprintf(VPREFIX,40,"cfenvd"); 
 openlog(VPREFIX,LOG_PID|LOG_NOWAIT|LOG_ODELAY,LOG_DAEMON);
 
-strcpy(CFLOCK,"cfenvd");
+(void)strlcpy(CFLOCK,"cfenvd",sizeof(CFLOCK));
  
 IGNORELOCK = false; 
 OUTPUT[0] = '\0';
@@ -247,30 +247,30 @@ SetSignals();
 
 /* XXX Initialize workdir for non privileged users */
 
-strcpy(CFWORKDIR,WORKDIR);
+(void)strlcpy(CFWORKDIR,WORKDIR,sizeof(CFWORKDIR));
 
 if (getuid() > 0)
    {
    char *homedir;
    if ((homedir = getenv("HOME")) != NULL)
       {
-      strcpy(CFWORKDIR,homedir);
-      strcat(CFWORKDIR,"/.cfagent");
+      (void)strlcpy(CFWORKDIR,homedir,sizeof(CFWORKDIR));
+      (void)strlcat(CFWORKDIR,"/.cfagent",sizeof(CFWORKDIR));
       }
    }
  
-sprintf(VBUFF,"%s/test",CFWORKDIR);
+(void)snprintf(VBUFF,sizeof(VBUFF),"%s/test",CFWORKDIR);
 MakeDirectoriesFor(VBUFF,'y');
-sprintf(VBUFF,"%s/state/test",CFWORKDIR);
+(void)snprintf(VBUFF,sizeof(VBUFF),"%s/state/test",CFWORKDIR);
 MakeDirectoriesFor(VBUFF,'y');
 strncpy(VLOCKDIR,CFWORKDIR,CF_BUFSIZE-1);
 strncpy(VLOGDIR,CFWORKDIR,CF_BUFSIZE-1);
 
 for (i = 0; i < ATTR; i++)
    {
-   sprintf(VBUFF,"%s/state/cf_incoming.%s",CFWORKDIR,ECGSOCKS[i][1]);
+   (void)snprintf(VBUFF,sizeof(VBUFF),"%s/state/cf_incoming.%s",CFWORKDIR,ECGSOCKS[i][1]);
    CreateEmptyFile(VBUFF);
-   sprintf(VBUFF,"%s/state/cf_outgoing.%s",CFWORKDIR,ECGSOCKS[i][1]);
+   (void)snprintf(VBUFF,sizeof(VBUFF),"%s/state/cf_outgoing.%s",CFWORKDIR,ECGSOCKS[i][1]);
    CreateEmptyFile(VBUFF);
    }
 
@@ -280,7 +280,7 @@ for (i = 0; i < CF_NETATTR; i++)
    NETOUT_DIST[i] = NULL;
    }
  
-sprintf(VBUFF,"%s/state/cf_users",CFWORKDIR);
+(void)snprintf(VBUFF,sizeof(VBUFF),"%s/state/cf_users",CFWORKDIR);
 CreateEmptyFile(VBUFF);
  
 snprintf(AVDB,CF_MAXVARSIZE,"%s/state/%s",CFWORKDIR,CF_AVDB_FILE);
@@ -288,6 +288,7 @@ snprintf(STATELOG,CF_BUFSIZE,"%s/state/%
 snprintf(ENV_NEW,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_ENVNEW_FILE);
 snprintf(ENV,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_ENV_FILE);
 
+
 if (!BATCH_MODE)
    {
    GetDatabaseAge();
@@ -476,7 +477,7 @@ void StartServer(int argc,char **argv)
 
 if ((!NO_FORK) && (fork() != 0))
    {
-   sprintf(OUTPUT,"cfenvd: starting\n");
+   (void)snprintf(OUTPUT,sizeof(OUTPUT),"cfenvd: starting\n");
    CfLog(cfinform,OUTPUT,"");
    exit(0);
    }
@@ -650,7 +651,7 @@ if ((now = time((time_t *)NULL)) == -1)
    exit(1);
    }
 
-sprintf(str,"%s",ctime(&now));
+(void)snprintf(str,sizeof(str),"%s",ctime(&now));
 
 return ConvTimeKey(str); 
 }
@@ -816,14 +817,14 @@ SetVariable("loadavg",LOADAVG,av.expect_
 for (i = 0; i < ATTR; i++)
    {
    char name[256];
-   strcpy(name,ECGSOCKS[i][1]);
-   strcat(name,"_in");
+   (void)strlcpy(name,ECGSOCKS[i][1],sizeof(name));
+   (void)strlcat(name,"_in",sizeof(name));
    
    sig = SetClasses(name,INCOMING[i],av.expect_incoming[i],av.var_incoming[i],LOCALAV.expect_incoming[i],LOCALAV.var_incoming[i],&classlist,timekey);
    SetVariable(name,INCOMING[i],av.expect_incoming[i],sig,&classlist);
 
-   strcpy(name,ECGSOCKS[i][1]);
-   strcat(name,"_out");
+   (void)strlcpy(name,ECGSOCKS[i][1],sizeof(name));
+   (void)strlcat(name,"_out",sizeof(name));
 
    sig = SetClasses(name,OUTGOING[i],av.expect_outgoing[i],av.var_outgoing[i],LOCALAV.expect_outgoing[i],LOCALAV.var_outgoing[i],&classlist,timekey);
    SetVariable(name,OUTGOING[i],av.expect_outgoing[i],sig,&classlist);
@@ -843,13 +844,13 @@ for (i = 0; i < PH_LIMIT; i++)
 for (i = 0; i < CF_NETATTR; i++)
    {
    char name[256];
-   strcpy(name,TCPNAMES[i]);
-   strcat(name,"_in");
+   (void)strlcpy(name,TCPNAMES[i],sizeof(name));
+   (void)strlcat(name,"_in",sizeof(name));
    sig = SetClasses(name,NETIN[i],av.expect_netin[i],av.var_netin[i],LOCALAV.expect_netin[i],LOCALAV.var_netin[i],&classlist,timekey);
    SetVariable(name,NETIN[i],av.expect_netin[i],sig,&classlist);
 
-   strcpy(name,TCPNAMES[i]);
-   strcat(name,"_out");
+   (void)strlcpy(name,TCPNAMES[i],sizeof(name));
+   (void)strlcat(name,"_out",sizeof(name));
    sig = SetClasses(name,NETOUT[i],av.expect_netout[i],av.var_netout[i],LOCALAV.expect_netout[i],LOCALAV.var_netout[i],&classlist,timekey);
    SetVariable(name,NETOUT[i],av.expect_netout[i],sig,&classlist);
    }
@@ -1166,7 +1167,7 @@ if (ALL_OUTGOING != NULL)
  
 sscanf(VNETSTAT[VSYSTEMHARDCLASS],"%s",comm);
 
-strcat(comm," -n"); 
+(void)strlcat(comm," -n",sizeof(comm)); 
  
 if ((pp = cfpopen(comm,"r")) == NULL)
    {
@@ -1495,7 +1496,7 @@ struct Averages *GetCurrentAverages(char
  
 if ((errno = db_create(&dbp,NULL,0)) != 0)
    {
-   sprintf(OUTPUT,"Couldn't open average database %s\n",AVDB);
+   (void)snprintf(OUTPUT,sizeof(OUTPUT),"Couldn't open average database %s\n",AVDB);
    CfLog(cferror,OUTPUT,"db_open");
    return NULL;
    }
@@ -1506,7 +1507,7 @@ if ((errno = dbp->open(dbp,AVDB,NULL,DB_
 if ((errno = dbp->open(dbp,NULL,AVDB,NULL,DB_BTREE,DB_CREATE,0644)) != 0)    
 #endif
    {
-   sprintf(OUTPUT,"Couldn't open average database %s\n",AVDB);
+   (void)snprintf(OUTPUT,sizeof(OUTPUT),"Couldn't open average database %s\n",AVDB);
    CfLog(cferror,OUTPUT,"db_open");
    return NULL;
    }
@@ -1556,7 +1557,7 @@ void UpdateAverages(char *timekey,struct
  
 if ((errno = db_create(&dbp,NULL,0)) != 0)
    {
-   sprintf(OUTPUT,"Couldn't open average database %s\n",AVDB);
+   (void)snprintf(OUTPUT,sizeof(OUTPUT),"Couldn't open average database %s\n",AVDB);
    CfLog(cferror,OUTPUT,"db_open");
    return;
    }
@@ -1567,7 +1568,7 @@ if ((errno = dbp->open(dbp,AVDB,NULL,DB_
 if ((errno = dbp->open(dbp,NULL,AVDB,NULL,DB_BTREE,DB_CREATE,0644)) != 0)    
 #endif
    {
-   sprintf(OUTPUT,"Couldn't open average database %s\n",AVDB);
+   (void)snprintf(OUTPUT,sizeof(OUTPUT),"Couldn't open average database %s\n",AVDB);
    CfLog(cferror,OUTPUT,"db_open");
    return;
    }
@@ -1794,27 +1795,27 @@ if (fabs(delta) < cf_noise_threshold) /*
    Debug(" Sensitivity too high ..\n");
 
    buffer[0] = '\0';
-   strcpy(buffer,name);
+   (void)strlcpy(buffer,name,sizeof(buffer));
 
    if ((delta > 0) && (ldelta > 0))
       {
-      strcat(buffer,"_high");
+      (void)strlcat(buffer,"_high",sizeof(buffer));
       }
    else if ((delta < 0) && (ldelta < 0))
       {
-      strcat(buffer,"_low");
+      (void)strlcat(buffer,"_low",sizeof(buffer));
       }
    else
       {
-      strcat(buffer,"_normal");
+      (void)strlcat(buffer,"_normal",sizeof(buffer));
       }
         
     dev = sqrt(delta*delta/(1.0+sigma*sigma)+ldelta*ldelta/(1.0+lsigma*lsigma));
         
     if (dev > 2.0*sqrt(2.0))
        {
-       strcpy(buffer2,buffer);
-       strcat(buffer2,"_microanomaly");
+       (void)strlcpy(buffer2,buffer,sizeof(buffer2));
+       (void)strlcat(buffer2,"_microanomaly",sizeof(buffer2));
        AppendItem(classlist,buffer2,"2");
        AddPersistentClass(buffer2,40,cfpreserve); 
        }
@@ -1824,33 +1825,33 @@ if (fabs(delta) < cf_noise_threshold) /*
  else
     {
     buffer[0] = '\0';
-    strcpy(buffer,name);  
+    (void)strlcpy(buffer,name,sizeof(buffer));  
     
     if ((delta > 0) && (ldelta > 0))
        {
-       strcat(buffer,"_high");
+       (void)strlcat(buffer,"_high",sizeof(buffer));
        }
     else if ((delta < 0) && (ldelta < 0))
        {
-       strcat(buffer,"_low");
+       (void)strlcat(buffer,"_low",sizeof(buffer));
        }
     else
        {
-       strcat(buffer,"_normal");
+       (void)strlcat(buffer,"_normal",sizeof(buffer));
        }
     
     dev = sqrt(delta*delta/(1.0+sigma*sigma)+ldelta*ldelta/(1.0+lsigma*lsigma));
     
     if (dev <= sqrt(2.0))
        {
-       strcpy(buffer2,buffer);
-       strcat(buffer2,"_normal");
+       (void)strlcpy(buffer2,buffer,sizeof(buffer));
+       (void)strlcat(buffer2,"_normal",sizeof(buffer2));
        AppendItem(classlist,buffer2,"0");
        }
     else
        {
-       strcpy(buffer2,buffer);
-       strcat(buffer2,"_dev1");
+       (void)strlcpy(buffer2,buffer,sizeof(buffer2));
+       (void)strlcat(buffer2,"_dev1",sizeof(buffer2));
        AppendItem(classlist,buffer2,"0");
        }
     
@@ -1860,16 +1861,16 @@ if (fabs(delta) < cf_noise_threshold) /*
     
     if (dev > 2.0*sqrt(2.0))
        {
-       strcpy(buffer2,buffer);
-       strcat(buffer2,"_dev2");
+       (void)strlcpy(buffer2,buffer,sizeof(buffer2));
+       (void)strlcat(buffer2,"_dev2",sizeof(buffer2));
        AppendItem(classlist,buffer2,"2");
        AddPersistentClass(buffer2,40,cfpreserve); 
        }
     
     if (dev > 3.0*sqrt(2.0))
        {
-       strcpy(buffer2,buffer);
-       strcat(buffer2,"_anomaly");
+       (void)strlcpy(buffer2,buffer,sizeof(buffer2));
+       (void)strlcat(buffer2,"_anomaly",sizeof(buffer2));
        AppendItem(classlist,buffer2,"3");
        AddPersistentClass(buffer2,40,cfpreserve); 
        }
@@ -1884,13 +1885,13 @@ void SetVariable(char *name,double value
 
 { char var[CF_BUFSIZE];
 
-sprintf(var,"value_%s=%d",name,(int)value);
+(void)snprintf(var,sizeof(var),"value_%s=%d",name,(int)value);
 AppendItem(classlist,var,"");
 
-sprintf(var,"average_%s=%1.1f",name,average);
+(void)snprintf(var,sizeof(var),"average_%s=%1.1f",name,average);
 AppendItem(classlist,var,"");
 
-sprintf(var,"stddev_%s=%1.1f",name,stddev);
+(void)snprintf(var,sizeof(var),"stddev_%s=%1.1f",name,stddev);
 AppendItem(classlist,var,""); 
 }
 
