$OpenBSD: patch-src_item-ext_c,v 1.3 2005/07/21 15:16:47 aanriot Exp $
--- src/item-ext.c.orig	Tue Feb 22 07:21:39 2005
+++ src/item-ext.c	Fri Jul 15 12:24:01 2005
@@ -190,6 +190,7 @@ void InsertItemAfter (struct Item **file
 
 { struct Item *ip;
   char *sp;
+  size_t splen;
 
 EditVerbose("Inserting %s \n",string);
 
@@ -199,7 +200,8 @@ if ((ip = (struct Item *)malloc(sizeof(s
    FatalError("");
    }
 
-if ((sp = malloc(strlen(string)+1)) == NULL)
+splen = strlen(string) + 1;
+if ((sp = malloc(splen)) == NULL)
    {
    CfLog(cferror,"","Can't allocate memory in InsertItemAfter()");
    FatalError("");
@@ -218,7 +220,7 @@ if (CURRENTLINEPTR == NULL)   /* File is
       (*filestart)->next = ip;
       }
    
-   strcpy(sp,string);
+   (void)strlcpy(sp,string,splen);
    ip->name = sp;
    ip->classes = NULL;
    CURRENTLINEPTR = ip;
@@ -230,7 +232,7 @@ else
    CURRENTLINENUMBER++;
    CURRENTLINEPTR->next = ip;
    CURRENTLINEPTR = ip;
-   strcpy(sp,string);
+   (void)strlcpy(sp,string,splen);
    ip->name = sp;
    ip->classes = NULL;
    }
@@ -795,7 +797,7 @@ for (ip = *list; ip != NULL; ip=ip->next
          FatalError("");;
          }
 
-      strcpy(ip->name,buff);
+      (void)strlcpy(ip->name,buff,CF_BUFSIZE);
       NUMBEROFEDITS++;
 
       return true;
@@ -849,7 +851,7 @@ for (ip = *list; ip != NULL; ip=ip->next
          FatalError("");;
          }
 
-      strcpy(ip->name,buff);
+      (void)strlcpy(ip->name,buff,CF_BUFSIZE);
       NUMBEROFEDITS++;
 
       return true;
@@ -916,7 +918,7 @@ for (ip = *list; ip != NULL; ip=ip->next
             FatalError("");;
             }
          
-         strcpy(ip->name,buff);
+         (void)strlcpy(ip->name,buff,CF_BUFSIZE);
          NUMBEROFEDITS++;
          
          regfree(&rx);
@@ -937,6 +939,7 @@ int UnCommentItemMatching(struct Item **
   char *sp, *sp1, *sp2, *spc;
   regex_t rx,rxcache;
   regmatch_t pmatch;
+  size_t splen;
 
 if (CfRegcomp(&rxcache,string, REG_EXTENDED) != 0)
    {
@@ -974,7 +977,8 @@ for (ip = *list; ip != NULL; ip=ip->next
          EditVerbose("Uncomment line %s\n",ip->name);
          CURRENTLINEPTR = ip->next;
          
-         if ((sp = malloc(strlen(ip->name)+2)) == NULL)
+         splen = strlen(ip->name)+2;
+         if ((sp = malloc(splen)) == NULL)
             {
             CfLog(cferror,"No Memory in UnCommentNLines\n","malloc");
             regfree(&rx);
@@ -1001,11 +1005,11 @@ for (ip = *list; ip != NULL; ip=ip->next
             *sp2 = '\0';
             }
          
-         strcat(sp,sp1+strlen(comm));
+         (void)strlcat(sp,sp1+strlen(comm),splen);
          
          if (sp2 != ip->name+strlen(ip->name))
             {
-            strcat(sp,sp2+strlen(end));
+            (void)strlcat(sp,sp2+strlen(end),splen);
             }
          
          if (strcmp(sp,ip->name) != 0)
@@ -1031,6 +1035,7 @@ int UnCommentItemContaining(struct Item 
 
 { struct Item *ip;
   char *sp, *sp1, *sp2, *spc;
+  size_t splen;
 
 for (ip = *list; ip != NULL; ip=ip->next)
    {
@@ -1050,7 +1055,8 @@ for (ip = *list; ip != NULL; ip=ip->next
       EditVerbose("Uncomment line %s\n",ip->name);
       CURRENTLINEPTR = ip->next;
 
-      if ((sp = malloc(strlen(ip->name)+2)) == NULL)
+      splen = strlen(ip->name)+2;
+      if ((sp = malloc(splen)) == NULL)
          {
          CfLog(cferror,"No memory in UnCommentNLines\n","malloc");
          return false;
@@ -1076,11 +1082,11 @@ for (ip = *list; ip != NULL; ip=ip->next
          *sp2 = '\0';
          }
 
-      strcat(sp,sp1+strlen(comm));
+      (void)strlcat(sp,sp1+strlen(comm),splen);
 
       if (sp2 != ip->name+strlen(ip->name))
          {
-         strcat(sp,sp2+strlen(end));
+         (void)strlcat(sp,sp2+strlen(end),splen);
          }
 
       if (strcmp(sp,ip->name) != 0)
@@ -1109,6 +1115,7 @@ int CommentToRegExp(struct Item **filest
   char *sp;
   regex_t rx,rxcache;
   regmatch_t pmatch;
+  size_t splen;
 
 Debug2("CommentToRegExp(list,%s %s)\n",comm,string);
 
@@ -1168,16 +1175,17 @@ for (ip = CURRENTLINEPTR; ip != NULL; ip
    NUMBEROFEDITS++;
    CURRENTLINEPTR = ip->next;
 
-   if ((sp = malloc(strlen(ip->name)+strlen(comm)+strlen(end)+2)) == NULL)
+   splen = strlen(ip->name)+strlen(comm)+strlen(end)+2;
+   if ((sp = malloc(splen)) == NULL)
       {
       CfLog(cferror,"No memory in CommentToRegExp\n","malloc");
       regfree(&rx);
       return false;
       }
 
-   strcpy (sp,comm);
-   strcat (sp,ip->name);
-   strcat (sp,end);
+   (void)strlcpy (sp,comm,splen);
+   (void)strlcat (sp,ip->name,splen);
+   (void)strlcat (sp,end,splen);
 
    free (ip->name);
    ip->name = sp;
@@ -1374,7 +1382,7 @@ for (ip = *liststart; ip != NULL; ip=ip-
          {
          sp += match.rm_eo - match.rm_so - 1;
          VBUFF[i] = '\0';
-         strcat(VBUFF,replace);
+         (void)strlcat(VBUFF,replace,sizeof(VBUFF));
          i += strlen(replace)-1;
          
          memcpy(&rx,&rxcache,sizeof(rx)); /* To fix a bug on some implementations where rx gets emptied */
@@ -1469,12 +1477,12 @@ char *search, *replace;
       start = ip->name + match.rm_so;
       EditVerbose("Doing SingleReplace of \"%s\" with \"%s\" on line %d\n",start,replace,i);
       bzero(VBUFF,CF_BUFSIZE);
-      strcpy(VBUFF,ip->name);
+      (void)strlcpy(VBUFF,ip->name,sizeof(VBUFF));
       VBUFF[match.rm_so] = '\0';  /* ...head of string */
-      strcat(VBUFF,replace);      /* ...replacement string */
+      (void)strlcat(VBUFF,replace,sizeof(VBUFF));      /* ...replacement string */
       sp = ip->name;
       sp += match.rm_eo;
-      strcat(VBUFF,sp);           /* ...tail of string */
+      (void)strlcat(VBUFF,sp,sizeof(VBUFF));           /* ...tail of string */
       Debug("SRDEBUG old line num %d is: \"%s\"\n",i,ip->name);
       Debug("SRDEBUG new line num %d is: \"%s\"\n",i,VBUFF);
       CURRENTLINEPTR = ip;
@@ -1497,6 +1505,7 @@ int CommentSeveralLines(struct Item **fi
 { struct Item *ip;
   int ctr, N = -99, done = false;
   char *sp;
+  size_t splen;
 
 Debug2("CommentNLines(list,%s)\n",string);
 
@@ -1552,15 +1561,16 @@ for (ip = CURRENTLINEPTR; ip != NULL; ip
    NUMBEROFEDITS++;
    CURRENTLINEPTR = ip->next;
 
-   if ((sp = malloc(strlen(ip->name)+strlen(comm)+strlen(end)+2)) == NULL)
+   splen = strlen(ip->name)+strlen(comm)+strlen(end)+2;
+   if ((sp = malloc(splen)) == NULL)
       {
       CfLog(cferror,"No memory in CommentNLines\n","malloc");
       return false;
       }
 
-   strcpy (sp,comm);
-   strcat (sp,ip->name);
-   strcat (sp,end);
+   (void)strlcpy (sp,comm,splen);
+   (void)strlcat (sp,ip->name,splen);
+   (void)strlcat (sp,end,splen);
 
    free (ip->name);
    ip->name = sp;
@@ -1590,6 +1600,7 @@ int UnCommentSeveralLines (struct Item *
 { struct Item *ip;
   int ctr, N = -99, done = false;
   char *sp, *sp1, *sp2, *spc;
+  size_t splen;
 
 Debug2("UnCommentNLines(list,%s)\n",string);
 
@@ -1640,7 +1651,8 @@ for (ip = CURRENTLINEPTR; ip != NULL; ip
    EditVerbose("Uncomment line %s\n",ip->name);
    CURRENTLINEPTR = ip->next;
 
-   if ((sp = malloc(strlen(ip->name)+2)) == NULL)
+   splen = strlen(ip->name)+2;
+   if ((sp = malloc(splen)) == NULL)
       {
       CfLog(cferror,"No memory in UnCommentNLines\n","malloc");
       return false;
@@ -1666,11 +1678,11 @@ for (ip = CURRENTLINEPTR; ip != NULL; ip
       *sp2 = '\0';
       }
 
-   strcat(sp,sp1+strlen(comm));
+   (void)strlcat(sp,sp1+strlen(comm),splen);
 
    if (sp2 != ip->name+strlen(ip->name))
       {
-      strcat(sp,sp2+strlen(end));
+      (void)strlcat(sp,sp2+strlen(end),splen);
       }
 
    ctr++;
@@ -1855,7 +1867,7 @@ for (ip = *filestart; ip != NULL; ip=ip-
       free(ip->name);
       
       ip->name = (char *) malloc(strlen(replace)+1);
-      strcpy(ip->name,replace);
+      (void)strlcpy(ip->name,replace,strlen(replace));
       EditVerbose("Edit:   With (%s)\n",replace);
       }
    }
@@ -1866,6 +1878,7 @@ for (ip = *filestart; ip != NULL; ip=ip-
 void AppendToLine(struct Item *current,char *text,char *filename)
 
 { char *new;
+  size_t buflen;
 
 if (strstr(current->name,text))
    {
@@ -1874,9 +1887,10 @@ if (strstr(current->name,text))
 
 EditVerbose("Appending %s to line %-60s...\n",text,current->name);
 
-new = malloc(strlen(current->name)+strlen(text)+1);
-strcpy(new,current->name);
-strcat(new,text);
+buflen = strlen(current->name)+strlen(text)+1;
+new = malloc(buflen);
+(void)strlcpy(new,current->name,buflen);
+(void)strlcat(new,text,buflen);
 NUMBEROFEDITS++;
 
 free(current->name);
