$OpenBSD: patch-balance_c,v 1.7 2007/05/29 18:56:24 rui Exp $
--- balance.c.orig	Sun May 27 18:49:46 2007
+++ balance.c	Sun May 27 18:55:58 2007
@@ -809,11 +809,13 @@ void initialize_release_variables(void)
   char *version;
   char *revision_copy;
   char *token;
+  size_t rev_len;
 
-  if ((revision_copy = (char *) malloc(strlen(revision) + 1)) == NULL) {
+  rev_len = strlen(revision)+1;
+  if ((revision_copy = (char *) malloc(rev_len)) == NULL) {
     fprintf(stderr, "malloc problem in initialize_release_variables()\n");
   } else {
-    strcpy(revision_copy, revision);
+    strlcpy(revision_copy, revision, rev_len);
     token = strtok(revision_copy, " ");
     token = strtok(NULL, " ");
     version = token != NULL ? token : "0.0";
@@ -1136,7 +1138,8 @@ int shell(char *argument)
 	  printf("syntax error\n");
 	}
       } else if (mycmp(command, "group")) {
-	char *arg, n;
+	char *arg;
+	int n;
 	if ((arg = strtok(NULL, " \t\n")) != NULL) {
 	  n = atoi(arg);
 	  if (n >= MAXGROUPS || n < 0) {
@@ -1472,10 +1475,10 @@ int main(int argc, char *argv[])
   serv_addr.sin_family = AF_INET;
   if (bindhost != NULL) {
     setipaddress(&serv_addr.sin_addr, bindhost);
-    sprintf(bindhost_address, inet_ntoa(serv_addr.sin_addr));
+    snprintf(bindhost_address, sizeof(bindhost_address), inet_ntoa(serv_addr.sin_addr));
   } else {
     serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
-    sprintf(bindhost_address, "0.0.0.0");
+    snprintf(bindhost_address, sizeof(bindhost_address), "0.0.0.0");
   }
   serv_addr.sin_port = htons(source_port);
 
@@ -1493,7 +1496,7 @@ int main(int argc, char *argv[])
     }
     umask(old);
   }
-  sprintf(rendezvousfile, "%sbalance.%d.%s", SHMDIR, source_port,
+  snprintf(rendezvousfile, sizeof(rendezvousfile), "%sbalance.%d.%s", SHMDIR, source_port,
 	  bindhost_address);
 
   if (stat(rendezvousfile, &buffer) == -1) {
