$OpenBSD: patch-src_help_c,v 1.2 2007/07/17 12:45:49 ajacoutot Exp $
--- src/help.c.orig	Tue Sep 16 16:07:44 2003
+++ src/help.c	Tue Jul 17 14:26:29 2007
@@ -84,8 +84,9 @@ void help_run(char *node)
 char *cmd_start="xterm -e info '(xzgv)";
 char *cmd_end="' &";
 char *buf;
+int siz = strlen(cmd_start)+strlen(node)+strlen(cmd_end)+1;
 
-if((buf=malloc(strlen(cmd_start)+strlen(node)+strlen(cmd_end)+1))==NULL)
+if((buf=malloc(siz))==NULL)
   {
   /* if we're *that* low on memory, then error_dialog() will fail too,
    * so just return.
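Review bot: `siz` is declared `int` but holds a sum of `strlen()` results and is then passed as the `size_t` size argument to `malloc()`, `strlcpy()` and `strlcat()`. Declaring it as `size_t siz = strlen(cmd_start)+strlen(node)+strlen(cmd_end)+1;` avoids the narrowing and the signed-to-unsigned conversion at each call. The same applies to the inner `int siz` added in the third hunk. The body of help_run continues outside this hunk.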
@@ -93,9 +94,9 @@ if((buf=malloc(strlen(cmd_start)+strlen(node)+strlen(c
   return;
   }
 
-strcpy(buf,cmd_start);
-strcat(buf,node);
-strcat(buf,cmd_end);
+strlcpy(buf,cmd_start,siz);
+strlcat(buf,node,siz);
+strlcat(buf,cmd_end,siz);
 
 /* XXX it turns out the error check is useless, as the `&' leads to
  * starting another shell which is the one to give any errors. The
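Review bot: Bounding the copies does not change what ends up in `buf`: `node` is still pasted between single quotes in a string that is later handed to `system()`, so a `node` containing `'` would end the quoting and the rest would be interpreted by the shell. Whether any caller can pass such a value is not visible here, so this is hardening rather than a confirmed bug. A guard before the allocation such as `if(strchr(node,'\'')!=NULL) return;` would close it, and launching xterm with an explicit argv instead of `system()` would remove the shell altogether. Because `siz` is computed from the exact lengths, the `strlcpy`/`strlcat` calls cannot truncate, so leaving their return values unchecked is fine here.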
@@ -106,13 +107,14 @@ if(system(buf)!=0)
   {
   char *msg="Couldn't run help command:\n";
   char *buf2;
+  int siz=strlen(msg)+strlen(buf)+1;
   
-  if((buf2=malloc(strlen(msg)+strlen(buf)+1))==NULL)
+  if((buf2=malloc(siz))==NULL)
     error_dialog("xzgv error",msg);
   else
     {
-    strcpy(buf2,msg);
-    strcat(buf2,buf);
+    strlcpy(buf2,msg,siz);
+    strlcat(buf2,buf,siz);
     error_dialog("xzgv error",buf2);
     free(buf2);
     }
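Review bot: The `int siz` added inside the `if(system(buf)!=0)` block shadows the `siz` declared at the top of help_run in the first hunk, which trips `-Wshadow` and makes it easy to pass the wrong size in a later edit. A distinct name, e.g. `size_t msgsiz=strlen(msg)+strlen(buf)+1;`, used in the `malloc`, `strlcpy` and `strlcat` calls for `buf2`, keeps the two buffers' sizes apart. The block's opening `if` lies outside the hunk.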
