$OpenBSD: patch-src_cfexecd_c,v 1.5 2005/10/27 21:47:28 sturm Exp $
--- src/cfexecd.c.orig	Wed Aug 10 13:25:08 2005
+++ src/cfexecd.c	Fri Oct 21 16:35:55 2005
@@ -147,7 +147,7 @@ Banner("Check options");
 
 NOSPLAY = false; 
 
-sprintf(VPREFIX, "cfexecd"); 
+(void)snprintf(VPREFIX, 40, "cfexecd"); 
 openlog(VPREFIX,LOG_PID|LOG_NOWAIT|LOG_ODELAY,LOG_DAEMON);
 
 while ((c=getopt_long(argc,argv,"L:d:vhpqFV1g",CFDOPTIONS,&optindex)) != EOF)
@@ -216,15 +216,15 @@ LOGGING = true;                    /* Do
 
  /* XXX Initialize workdir for non privileged users */
 
-strcpy(CFWORKDIR,WORKDIR);
+(void)strlcpy(CFWORKDIR,WORKDIR,sizeof(CFWORKDIR));
 
 if (getuid() > 0)
    {
    char *homedir;
    if ((homedir = getenv("HOME")) != NULL)
       {
-      strcpy(CFWORKDIR,homedir);
-      strcat(CFWORKDIR,"/.cfagent");
+      (void)strlcpy(CFWORKDIR,homedir,sizeof(CFWORKDIR));
+      (void)strlcat(CFWORKDIR,"/.cfagent",sizeof(CFWORKDIR));
       }
    }
 
@@ -246,7 +246,7 @@ strncpy(VLOGDIR,CFWORKDIR,CF_BUFSIZE-1);
 VCANONICALFILE = strdup(CanonifyName(VINPUTFILE));
 GetNameInfo();
 
-strcpy(VUQNAME,VSYSNAME.nodename);
+(void)strlcpy(VUQNAME,VSYSNAME.nodename,CF_MAXVARSIZE);
 
 MAILTO[0] = '\0';
 MAILFROM[0] = '\0';
@@ -564,7 +564,7 @@ for (ip = SCHEDULE; ip != NULL; ip = ip-
       DeleteItemList(VHEAP);
       VHEAP = NULL;
       GetNameInfo();
-      strcpy(VUQNAME,VSYSNAME.nodename);
+      (void)strlcpy(VUQNAME,VSYSNAME.nodename,CF_MAXVARSIZE);
       return true;
       }
    }
@@ -572,7 +572,7 @@ for (ip = SCHEDULE; ip != NULL; ip = ip-
 DeleteItemList(VHEAP);
 VHEAP = NULL; 
 GetNameInfo();
-strcpy(VUQNAME,VSYSNAME.nodename);
+(void)strlcpy(VUQNAME,VSYSNAME.nodename,CF_MAXVARSIZE);
 return false;
 }
 
@@ -980,7 +980,7 @@ if (!Dialogue(sd,NULL))
    goto mail_err;
    }
  
-sprintf(VBUFF,"HELO %s\r\n",VFQNAME); 
+(void)snprintf(VBUFF,sizeof(VBUFF),"HELO %s\r\n",VFQNAME); 
 Debug("%s",VBUFF);
 
 if (!Dialogue(sd,VBUFF))
@@ -990,7 +990,7 @@ if (!Dialogue(sd,VBUFF))
 
 if (strlen(MAILFROM) > 0)
    {
-   sprintf(VBUFF,"MAIL FROM: <%s>\r\n",MAILFROM);
+   (void)snprintf(VBUFF,sizeof(VBUFF),"MAIL FROM: <%s>\r\n",MAILFROM);
    Debug("%s",VBUFF);   
    }
 else
@@ -1000,12 +1000,12 @@ else
    
    if (strlen(domain) > 0)
       {
-      sprintf(VBUFF,"MAIL FROM: <cfengine@%s>\r\n",domain);
+      (void)snprintf(VBUFF,sizeof(VBUFF),"MAIL FROM: <cfengine@%s>\r\n",domain);
       Debug("%s",VBUFF);
       }
    else
       {
-      sprintf(VBUFF,"MAIL FROM: <%s>\r\n",to);
+      (void)snprintf(VBUFF,sizeof(VBUFF),"MAIL FROM: <%s>\r\n",to);
       Debug("%s",VBUFF);   
       }
    }
@@ -1015,7 +1015,7 @@ if (!Dialogue(sd,VBUFF))
    goto mail_err;
    }
  
-sprintf(VBUFF,"RCPT TO: <%s>\r\n",to);
+(void)snprintf(VBUFF,sizeof(VBUFF),"RCPT TO: <%s>\r\n",to);
 Debug("%s",VBUFF);
 
 if (!Dialogue(sd,VBUFF))
@@ -1030,12 +1030,12 @@ if (!Dialogue(sd,"DATA\r\n"))
 
 if (anomaly)
    {
-   sprintf(VBUFF,"Subject: **!! (%s/%s)\r\n",VFQNAME,VIPADDRESS);
+   (void)snprintf(VBUFF,sizeof(VBUFF),"Subject: **!! (%s/%s)\r\n",VFQNAME,VIPADDRESS);
    Debug("%s",VBUFF);
    }
 else
    {
-   sprintf(VBUFF,"Subject: (%s/%s)\r\n",VFQNAME,VIPADDRESS);
+   (void)snprintf(VBUFF,sizeof(VBUFF),"Subject: (%s/%s)\r\n",VFQNAME,VIPADDRESS);
    Debug("%s",VBUFF);
    }
  
@@ -1051,18 +1051,18 @@ sent=send(sd,VBUFF,strlen(VBUFF),0);
 
  if (strlen(MAILFROM) == 0)
     {
-    sprintf(VBUFF,"From: cfengine@%s\r\n",VFQNAME);
+    (void)snprintf(VBUFF,sizeof(VBUFF),"From: cfengine@%s\r\n",VFQNAME);
     Debug("%s",VBUFF);
     }
  else
     {
-    sprintf(VBUFF,"From: %s\r\n",MAILFROM);
+    (void)snprintf(VBUFF,sizeof(VBUFF),"From: %s\r\n",MAILFROM);
     Debug("%s",VBUFF);    
     }
  
 sent=send(sd,VBUFF,strlen(VBUFF),0);
 
-sprintf(VBUFF,"To: %s\r\n\r\n",to); 
+(void)snprintf(VBUFF,sizeof(VBUFF),"To: %s\r\n\r\n",to); 
 Debug("%s",VBUFF);
 sent=send(sd,VBUFF,strlen(VBUFF),0);
 
@@ -1075,14 +1075,14 @@ while(!feof(fp))
    if (strlen(VBUFF) > 0)
       {
       VBUFF[strlen(VBUFF)-1] = '\r';
-      strcat(VBUFF, "\n");
+      (void)strlcat(VBUFF, "\n",sizeof(VBUFF));
       count++;
       sent=send(sd,VBUFF,strlen(VBUFF),0);
       }
    
    if ((MAXLINES != INF_LINES) && (count > MAXLINES))
       {
-      sprintf(VBUFF,"\r\n[Mail truncated by cfengine. File is at %s on %s]\r\n",file,VFQNAME);
+      (void)snprintf(VBUFF,sizeof(VBUFF),"\r\n[Mail truncated by cfengine. File is at %s on %s]\r\n",file,VFQNAME);
       sent=send(sd,VBUFF,strlen(VBUFF),0);
       break;
       }
@@ -1104,7 +1104,7 @@ mail_err: 
 
 fclose(fp);
 close(sd); 
-sprintf(VBUFF, "Cannot mail to %s.", to);
+(void)snprintf(VBUFF, sizeof(VBUFF), "Cannot mail to %s.", to);
 CfLog(cflogonly,VBUFF,"");
 }
 
