$OpenBSD: patch-Source_cmSystemTools_cxx,v 1.6 2008/01/26 21:26:32 espie Exp $
--- Source/cmSystemTools.cxx.orig	Sat Jan 26 20:49:32 2008
+++ Source/cmSystemTools.cxx	Sat Jan 26 20:52:09 2008
@@ -1365,11 +1365,18 @@ class cmDeletingCharVector : public std::vector<char*>
 };
 
         
+char* cmSystemTools::dupstring(const char* src)
+{
+  size_t sz = strlen(src)+1;
+  char* dest = new char[sz];
+  strlcpy(dest, src, sz);
+  return dest;
+}
+
 bool cmSystemTools::PutEnv(const char* value)
 { 
   static cmDeletingCharVector localEnvironment;
-  char* envVar = new char[strlen(value)+1];
-  strcpy(envVar, value);
+  char* envVar = dupstring(value);
   int ret = putenv(envVar);
   // save the pointer in the static vector so that it can
   // be deleted on exit
@@ -1428,7 +1435,7 @@ std::string cmSystemTools::MakeXMLSafe(const char* str
          && ch != '\r' )
       {
       char buffer[33];
-      sprintf(buffer, "&lt;%d&gt;", static_cast<int>(ch));
+      snprintf(buffer, sizeof buffer, "&lt;%d&gt;", static_cast<int>(ch));
       //sprintf(buffer, "&#x%0x;", (unsigned int)ch);
       result.insert(result.end(), buffer, buffer+strlen(buffer));
       }
@@ -1579,9 +1586,8 @@ bool cmSystemTools::CreateTar(const char* outFileName,
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   int options = 0;
   if(verbose)
     {
@@ -1658,9 +1664,8 @@ bool cmSystemTools::ExtractTar(const char* outFileName
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   if (tar_open(&t, realName,
       (gzip? &gztype : NULL),
       O_RDONLY
@@ -1712,9 +1717,8 @@ bool cmSystemTools::ListTar(const char* outFileName, 
   };
 
   // Ok, this libtar is not const safe. for now use auto_ptr hack
-  char* realName = new char[ strlen(outFileName) + 1 ];
+  char* realName = dupstring(outFileName);
   std::auto_ptr<char> realNamePtr(realName);
-  strcpy(realName, outFileName);
   if (tar_open(&t, realName,
       (gzip? &gztype : NULL),
       O_RDONLY
