$OpenBSD: patch-Source_kwsys_ProcessUNIX_c,v 1.2 2006/07/31 23:55:52 espie Exp $
--- Source/kwsys/ProcessUNIX.c.orig	Mon Jul 31 16:49:59 2006
+++ Source/kwsys/ProcessUNIX.c	Tue Aug  1 01:03:42 2006
@@ -430,12 +430,13 @@ int kwsysProcess_SetWorkingDirectory(kws
     }
   if(dir)
     {
-    cp->WorkingDirectory = (char*)malloc(strlen(dir) + 1);
+    size_t sz = strlen(dir) + 1;
+    cp->WorkingDirectory = (char*)malloc(sz);
     if(!cp->WorkingDirectory)
       {
       return 0;
       }
-    strcpy(cp->WorkingDirectory, dir);
+    strlcpy(cp->WorkingDirectory, dir, sz);
     }
   return 1;
 }
@@ -462,12 +463,13 @@ int kwsysProcess_SetPipeFile(kwsysProces
     }
   if(file)
     {
-    *pfile = malloc(strlen(file)+1);
+    size_t sz = strlen(file)+1;
+    *pfile = malloc(sz);
     if(!*pfile)
       {
       return 0;
       }
-    strcpy(*pfile, file);
+    strlcpy(*pfile, file, sz);
     }
 
   /* If we are redirecting the pipe, do not share it.  */
@@ -600,7 +602,7 @@ void kwsysProcess_Execute(kwsysProcess* 
   /* Initialize the control structure for a new process.  */
   if(!kwsysProcessInitialize(cp))
     {
-    strcpy(cp->ErrorMessage, "Out of memory");
+    strlcpy(cp->ErrorMessage, "Out of memory", sizeof(cp->ErrorMessage));
     cp->State = kwsysProcess_State_Error;
     return;
     }
@@ -938,7 +940,7 @@ int kwsysProcess_WaitForData(kwsysProces
       {
       /* Select returned an error.  Leave the error description in the
          pipe buffer.  */
-      strncpy(cp->ErrorMessage, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+      strlcpy(cp->ErrorMessage, strerror(errno), sizeof(cp->ErrorMessage));
 
       /* Kill the children now.  */
       kwsysProcess_Kill(cp);
@@ -1063,7 +1065,7 @@ int kwsysProcess_WaitForExit(kwsysProces
   else
     {
     /* Error getting the child return code.  */
-    strcpy(cp->ErrorMessage, "Error getting child return code.");
+    strlcpy(cp->ErrorMessage, "Error getting child return code.", sizeof(cp->ErrorMessage));
     cp->State = kwsysProcess_State_Error;
     }
 
@@ -1139,7 +1141,7 @@ static int kwsysProcessInitialize(kwsysP
   cp->ExitCode = 1;
   cp->ExitValue = 1;
   cp->ErrorMessage[0] = 0;
-  strcpy(cp->ExitExceptionString, "No exception");
+  strlcpy(cp->ExitExceptionString, "No exception", sizeof(cp->ExitExceptionString));
 
   if(cp->ForkPIDs)
     {
@@ -1482,7 +1484,7 @@ static void kwsysProcessDestroy(kwsysPro
       else if(result < 0 && cp->State != kwsysProcess_State_Error)
         {
         /* Unexpected error.  Report the first time this happens.  */
-        strncpy(cp->ErrorMessage, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+        strlcpy(cp->ErrorMessage, strerror(errno), sizeof(cp->ErrorMessage));
         cp->State = kwsysProcess_State_Error;
         }
       }
@@ -1657,7 +1659,7 @@ static kwsysProcessTime kwsysProcessTime
 /*--------------------------------------------------------------------------*/
 #define KWSYSPE_CASE(type, str) \
   cp->ExitException = kwsysProcess_Exception_##type; \
-  strcpy(cp->ExitExceptionString, str)
+  strlcpy(cp->ExitExceptionString, str, sizeof(cp->ExitExceptionString))
 static void kwsysProcessSetExitException(kwsysProcess* cp, int sig)
 {
   switch (sig)
@@ -1776,7 +1778,8 @@ static void kwsysProcessSetExitException
 #endif
     default:
       cp->ExitException = kwsysProcess_Exception_Other;
-      sprintf(cp->ExitExceptionString, "Signal %d", sig);
+      snprintf(cp->ExitExceptionString, sizeof(cp->ExitExceptionString),
+      	"Signal %d", sig);
       break;
     }
 }
@@ -1789,8 +1792,8 @@ static void kwsysProcessSetExitException
 static void kwsysProcessChildErrorExit(int errorPipe)
 {
   /* Construct the error message.  */
-  char buffer[KWSYSPE_PIPE_BUFFER_SIZE];
-  strncpy(buffer, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+  char buffer[KWSYSPE_PIPE_BUFFER_SIZE+1];
+  strlcpy(buffer, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE+1);
 
   /* Report the error to the parent through the special pipe.  */
   write(errorPipe, buffer, strlen(buffer));
@@ -2018,7 +2021,7 @@ static void kwsysProcessKill(pid_t proce
       if(sscanf(d->d_name, "%d", &pid) == 1 && pid != 0)
         {
         struct stat finfo;
-        sprintf(fname, "/proc/%d/stat", pid);
+        snprintf(fname, sizeof fname, "/proc/%d/stat", pid);
         if(stat(fname, &finfo) == 0)
           {
           FILE* f = fopen(fname, "r");
