$OpenBSD: patch-src_item_c,v 1.5 2005/10/27 21:47:28 sturm Exp $
--- src/item.c.orig	Thu Aug 11 04:22:28 2005
+++ src/item.c	Fri Oct 21 16:35:56 2005
@@ -212,6 +212,7 @@ void PrependItem (struct Item **liststar
 
 { struct Item *ip;
   char *sp,*spe = NULL;
+  size_t splen, spelen = 0;
 
 if (!PARSING && (ACTION == editfiles))
    {
@@ -229,19 +230,24 @@ if ((ip = (struct Item *)malloc(sizeof(s
    FatalError("");
    }
 
-if ((sp = malloc(strlen(itemstring)+2)) == NULL)
+splen = strlen(itemstring) + 2;
+if ((sp = malloc(splen)) == NULL)
    {
    CfLog(cferror,"","malloc");
    FatalError("");
    }
 
-if ((classes != NULL) && (spe = malloc(strlen(classes)+2)) == NULL)
+if (classes != NULL)
    {
-   CfLog(cferror,"","malloc");
-   FatalError("");
+   spelen = strlen(classes) + 2;
+   if ((spe = malloc(spelen)) == NULL)
+      {
+      CfLog(cferror,"","malloc");
+      FatalError("");
+      }
    }
 
-strcpy(sp,itemstring);
+(void)strlcpy(sp,itemstring,splen);
 ip->name = sp;
 ip->next = *liststart;
 ip->counter = 0;
@@ -249,7 +255,7 @@ ip->counter = 0;
 
 if (classes != NULL)
    {
-   strcpy(spe,classes);
+   (void)strlcpy(spe,classes,spelen);
    ip->classes = spe;
    }
 else
@@ -302,6 +308,7 @@ void AppendItem (struct Item **liststart
 
 { struct Item *ip, *lp;
   char *sp,*spe = NULL;
+  size_t splen, spelen = 0;
 
 if (!PARSING && (ACTION == editfiles))
    {
@@ -319,7 +326,8 @@ if ((ip = (struct Item *)malloc(sizeof(s
    FatalError("");
    }
 
-if ((sp = malloc(strlen(itemstring)+CF_EXTRASPC)) == NULL)
+splen = strlen(itemstring) + CF_EXTRASPC;
+if ((sp = malloc(splen)) == NULL)
    {
    CfLog(cferror,"","malloc");
    FatalError("");
@@ -338,20 +346,24 @@ else
    lp->next = ip;
    }
 
-if ((classes != NULL) && (spe = malloc(strlen(classes)+2)) == NULL)
+if (classes != NULL)
    {
-   CfLog(cferror,"","malloc");
-   FatalError("");
+   spelen = strlen(classes) + 2;
+   if ((spe = malloc(spelen)) == NULL)
+      {
+      CfLog(cferror,"","malloc");
+      FatalError("");
+      }
    }
 
-strcpy(sp,itemstring);
+(void)strlcpy(sp,itemstring,splen);
 ip->name = sp;
 ip->next = NULL;
 ip->counter = 0;
  
 if (classes != NULL)
    {
-   strcpy(spe,classes);
+   (void)strlcpy(spe,classes,spelen);
    ip->classes = spe;
    }
 else
@@ -369,6 +381,7 @@ void InstallItem (struct Item **liststar
 
 { struct Item *ip, *lp;
   char *sp,*spe = NULL;
+  size_t splen, spelen = 0;
 
 if (!PARSING && (ACTION == editfiles))
    {
@@ -387,7 +400,8 @@ if ((ip = (struct Item *)malloc(sizeof(s
    FatalError("");
    }
 
-if ((sp = malloc(strlen(itemstring)+CF_EXTRASPC)) == NULL)
+splen = strlen(itemstring) + CF_EXTRASPC;
+if ((sp = malloc(splen)) == NULL)
    {
    CfLog(cferror,"","malloc");
    FatalError("");
@@ -406,13 +420,17 @@ else
    lp->next = ip;
    }
 
-if ((classes!= NULL) && (spe = malloc(strlen(classes)+2)) == NULL)
+if (classes!= NULL)
    {
-   CfLog(cferror,"","malloc");
-   FatalError("");
+   spelen = strlen(classes) + 2;
+   if ((spe = malloc(spelen)) == NULL)
+      {
+      CfLog(cferror,"","malloc");
+      FatalError("");
+      }
    }
 
-strcpy(sp,itemstring);
+(void)strlcpy(sp,itemstring,splen);
 
 if (PIFELAPSED != -1)
    {
@@ -437,7 +455,7 @@ ip->next = NULL;
 
 if (classes != NULL)
    {
-   strcpy(spe,classes);
+   (void)strlcpy(spe,classes,spelen);
    ip->classes = spe;
    }
 else
@@ -1072,7 +1090,7 @@ char *s1, *s2;
      return 1;
      }
   sscanf(sp,"%ld",&cmp);
-  Debug("SRDEBUG extracted int %d\n",cmp,sp);
+  Debug("SRDEBUG extracted int %d from %s\n",cmp,sp);
 
   /* HvB basename is */
   strncpy(host_basename, s2, strlen(s2) - strlen(sp));
@@ -1121,7 +1139,7 @@ struct Item *SplitStringAsItemList(char 
   
 Debug("SplitStringAsItemList(%s,%c)\n",string,sep);
 
-sprintf(format,"%%255[^%c]",sep);   /* set format string to search */
+(void)snprintf(format,sizeof(format),"%%255[^%c]",sep);   /* set format string to search */
 
 for (sp = string; *sp != '\0'; sp++)
    {
