$OpenBSD: patch-webalizer_c,v 1.3 2002/04/17 16:17:45 danh Exp $
--- webalizer.c.orig	Wed Apr 17 11:59:59 2002
+++ webalizer.c	Wed Apr 17 12:05:26 2002
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
    /* add default index. alias */
    add_nlist("index.",&index_alias);
 
-   sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR);
+   snprintf(tmp_buf,sizeof tmp_buf,"%s/webalizer.conf",ETCDIR);
    /* check for default config file */
    if (!access("webalizer.conf",F_OK))
       get_config("webalizer.conf");
@@ -560,7 +560,7 @@ int main(int argc, char *argv[])
       }
 
       /* got a record... */
-      strcpy(tmp_buf, buffer);            /* save buffer in case of error */
+      strlcpy(tmp_buf, buffer, sizeof tmp_buf);            /* save buffer in case of error */
       if (parse_record(buffer))           /* parse the record             */
       {
          /*********************************************/
@@ -750,7 +750,7 @@ int main(int argc, char *argv[])
                if (!isurlchar(*cp1))
                {
                   /* Save query portion in log.rec.srchstr */
-                  strncpy(log_rec.srchstr,cp1,MAXSRCH);
+                  strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr);
                   *cp1++='\0';
                   break;
                }
@@ -1007,7 +1007,7 @@ int main(int argc, char *argv[])
 
          /* Catch blank hostnames here */
          if (log_rec.hostname[0]=='\0')
-            strncpy(log_rec.hostname,"Unknown",8);
+            strlcpy(log_rec.hostname,"Unknown",sizeof log_rec.hostname);
 
          /* Ignore/Include check */
          if ( (isinlist(include_sites,log_rec.hostname)==NULL) &&
@@ -1809,7 +1809,7 @@ void srch_string(char *ptr)
    if ( (cps=isinglist(search_list,log_rec.refer))==NULL) return; 
 
    /* Try to find query variable */
-   srch[0]='?'; strcpy(&srch[1],cps);              /* First, try "?..."      */
+   srch[0]='?'; strlcpy(&srch[1],cps,(sizeof srch) - 1);              /* First, try "?..."      */
    if ((cp1=strstr(ptr,srch))==NULL)
    {
       srch[0]='&';                                 /* Next, try "&..."       */
