$OpenBSD: patch-src_cfrun_c,v 1.4 2005/10/27 21:47:28 sturm Exp $
--- src/cfrun.c.orig	Wed Aug 10 05:01:17 2005
+++ src/cfrun.c	Thu Oct 27 23:06:44 2005
@@ -234,7 +234,7 @@ for (i = 1; i < argc; i++) 
 
   /* XXX Initialize workdir for non privileged users */
 
- strcpy(CFWORKDIR,WORKDIR);
+ (void)strlcpy(CFWORKDIR,WORKDIR,sizeof(CFWORKDIR));
 
  if (getuid() > 0)
     {
@@ -242,7 +242,7 @@ for (i = 1; i < argc; i++) 
     if ((homedir = getenv("HOME")) != NULL)
        {
        strncpy(CFWORKDIR,homedir,CF_BUFSIZE-16);
-       strcat(CFWORKDIR,"/.cfagent");
+       (void)strlcat(CFWORKDIR,"/.cfagent",sizeof(CFWORKDIR));
        }
     }
 
@@ -255,14 +255,15 @@ for (i = 1; i < argc; i++) 
  
  Debug("FQNAME = %s, WORKDIR = %s\n",VFQNAME,WORKDIR);
  
- sprintf(VPREFIX,"cfrun:%s",VFQNAME);
+ (void)snprintf(VPREFIX,40,"cfrun:%s",VFQNAME);
  
  
 /* Read hosts file */
  
  umask(077);
- strcpy(VLOCKDIR,CFWORKDIR);
- strcpy(VLOGDIR,CFWORKDIR); 
+ (void)strlcpy(VLOCKDIR,CFWORKDIR,CF_BUFSIZE);
+ (void)strlcpy(VLOGDIR,CFWORKDIR,CF_BUFSIZE); 
+
  
  OpenSSL_add_all_algorithms();
  ERR_load_crypto_strings();
@@ -296,7 +297,7 @@ CONN = NewAgentConn();
 
 if (storeinfile)
    {
-   sprintf(filebuffer, "%s/%s", OUTPUTDIR, host);
+   (void)snprintf(filebuffer, sizeof(filebuffer), "%s/%s", OUTPUTDIR, host);
    if ((fp = fopen(filebuffer, "w")) == NULL)
       {
       return false;
@@ -566,10 +567,10 @@ if (!strchr(VCFRUNHOSTS, '/'))
    {
    if ((sp=getenv(CF_INPUTSVAR)) != NULL)
       {
-      strcpy(filename,sp);
+      (void)strlcpy(filename,sp,sizeof(filename));
       if (filename[strlen(filename)-1] != '/')
          {
-         strcat(filename,"/");
+         (void)strlcat(filename,"/",sizeof(filename));
          }
       }
    else
@@ -578,7 +579,7 @@ if (!strchr(VCFRUNHOSTS, '/'))
       }
    }
  
-strcat(filename,cfg_fic);
+(void)strlcat(filename,cfg_fic,sizeof(filename));
 
 if ((fp = fopen(filename,"r")) == NULL)      /* Open root file */
    {
@@ -603,7 +604,7 @@ while (!feof(fp))
 
    if (strncmp(line,"hostnamekeys",6) == 0)
       {
-      char buf[16];
+      char buf[296];
       buf[0] = '\0';
       sscanf(line,"hostnamekeys = %295[^# \n]",buf);
       Verbose("Hostname keys\n");
@@ -714,8 +715,8 @@ while (!feof(fp))
 
    if ((!strstr(buffer,".")) && (strlen(VDOMAIN) > 0))
       {
-      strcat(buffer,".");
-      strcat(buffer,VDOMAIN);
+      (void)strlcat(buffer,".",sizeof(buffer));
+      (void)strlcat(buffer,VDOMAIN,sizeof(buffer));
       }
       
    if (!IsItemIn(VCFRUNHOSTLIST,buffer))
@@ -773,8 +774,8 @@ for (ip = VCFRUNCLASSES; ip != NULL; ip 
       memset(sendbuffer,0,CF_BUFSIZE);
       }
    
-   strcat(sendbuffer,ip->name);
-   strcat(sendbuffer," ");
+   (void)strlcat(sendbuffer,ip->name,CF_BUFSIZE);
+   (void)strlcat(sendbuffer," ",CF_BUFSIZE);
 
    sp += strlen(ip->name)+1;
    used += strlen(ip->name)+1;
@@ -793,7 +794,7 @@ if (used + strlen(CFD_TERMINATOR) +2 > C
    memset(sendbuffer,0,CF_BUFSIZE);
    }
    
-sprintf(sp, "%s", CFD_TERMINATOR);
+(void)snprintf(sp, CF_BUFSIZE, "%s", CFD_TERMINATOR);
 
 if (SendTransaction(sd,sendbuffer,0,CF_DONE) == -1)
    {
