$OpenBSD: patch-Source_cmSystemTools_cxx,v 1.4 2007/03/20 11:23:10 espie Exp $
--- Source/cmSystemTools.cxx.orig	Wed Jan 10 18:59:13 2007
+++ Source/cmSystemTools.cxx	Sun Mar 18 13:52:03 2007
@@ -1274,12 +1274,18 @@ class cmDeletingCharVector : public std::vector<char*>
     }
 };
 
+char* cmSystemTools::dupstring(const char* src)
+{
+  size_t sz = strlen(src)+1;
+  char* dest = new char[sz];
+  strlcpy(dest, src, sz);
+  return dest;
+}
         
 bool cmSystemTools::PutEnv(const char* value)
 { 
   static cmDeletingCharVector localEnvironment;
-  char* envVar = new char[strlen(value)+1];
-  strcpy(envVar, value);
+  char* envVar = dupstring(value);
   int ret = putenv(envVar);
   // save the pointer in the static vector so that it can
   // be deleted on exit
@@ -1338,7 +1344,7 @@ std::string cmSystemTools::MakeXMLSafe(const char* str
          && ch != '\r' )
       {
       char buffer[33];
-      sprintf(buffer, "&lt;%d&gt;", static_cast<int>(ch));
+      snprintf(buffer, sizeof buffer, "&lt;%d&gt;", static_cast<int>(ch));
       //sprintf(buffer, "&#x%0x;", (unsigned int)ch);
       result.insert(result.end(), buffer, buffer+strlen(buffer));
       }
@@ -1489,9 +1495,8 @@ bool cmSystemTools::CreateTar(const char* outFileName,
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   if (tar_open(&t, realName,
       (gzip? &gztype : NULL),
       O_WRONLY | O_CREAT, 0644,
@@ -1561,9 +1566,8 @@ bool cmSystemTools::ExtractTar(const char* outFileName
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   if (tar_open(&t, realName,
       (gzip? &gztype : NULL),
       O_RDONLY
@@ -1615,9 +1619,8 @@ bool cmSystemTools::ListTar(const char* outFileName, 
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   if (tar_open(&t, realName,
       (gzip? &gztype : NULL),
       O_RDONLY
