$OpenBSD: patch-protocols_yahoo_yahoo_httplib_c,v 1.2 2006/04/11 15:11:33 naddy Exp $
--- protocols/yahoo/yahoo_httplib.c.orig	Wed Nov 30 23:07:43 2005
+++ protocols/yahoo/yahoo_httplib.c	Sun Jan 29 03:23:16 2006
@@ -97,7 +97,7 @@ int yahoo_tcp_readline(char *ptr, int ma
 }
 
 static int url_to_host_port_path(const char *url,
-		char *host, int *port, char *path)
+		char *host, size_t host_len, int *port, char *path, size_t path_len)
 {
 	char *urlcopy=NULL;
 	char *slash=NULL;
@@ -132,13 +132,13 @@ static int url_to_host_port_path(const c
 	}
 
 	if(!slash) {
-		strcpy(path, "/");
+		strlcpy(path, "/", path_len);
 	} else {
-		strcpy(path, slash);
+		strlcpy(path, slash, path_len);
 		*slash = 0;
 	}
 
-	strcpy(host, urlcopy);
+	strlcpy(host, urlcopy, host_len);
 	
 	FREE(urlcopy);
 
@@ -155,8 +155,9 @@ char *yahoo_urlencode(const char *instr)
 	int ipos=0, bpos=0;
 	char *str = NULL;
 	int len = strlen(instr);
+	size_t str_len = 3*len + 1;
 
-	if(!(str = y_new(char, 3*len + 1) ))
+	if(!(str = y_new(char, str_len) ))
 		return "";
 
 	while(instr[ipos]) {
@@ -165,7 +166,7 @@ char *yahoo_urlencode(const char *instr)
 		if(!instr[ipos])
 			break;
 		
-		snprintf(&str[bpos], 4, "%%%.2x", instr[ipos]);
+		snprintf(&str[bpos], str_len - bpos, "%%%.2x", instr[ipos]);
 		bpos+=3;
 		ipos++;
 	}
@@ -314,7 +315,7 @@ void yahoo_http_post(int id, const char 
 	char path[255];
 	char buff[1024];
 	
-	if(!url_to_host_port_path(url, host, &port, path))
+	if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path)))
 		return;
 
 	snprintf(buff, sizeof(buff), 
@@ -339,7 +340,7 @@ void yahoo_http_get(int id, const char *
 	char path[255];
 	char buff[1024];
 	
-	if(!url_to_host_port_path(url, host, &port, path))
+	if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path)))
 		return;
 
 	snprintf(buff, sizeof(buff), 
