$OpenBSD: patch-Source_kwsys_ProcessUNIX_c,v 1.4 2007/03/20 11:23:10 espie Exp $
--- Source/kwsys/ProcessUNIX.c.orig	Wed Jan 10 18:59:15 2007
+++ Source/kwsys/ProcessUNIX.c	Sun Mar 18 13:52:03 2007
@@ -457,12 +457,13 @@ int kwsysProcess_SetWorkingDirectory(kwsysProcess* cp,
     }
   if(dir)
     {
-    cp->WorkingDirectory = (char*)malloc(strlen(dir) + 1);
+    size_t sz = strlen(dir) + 1;
+    cp->WorkingDirectory = (char*)malloc(sz);
     if(!cp->WorkingDirectory)
       {
       return 0;
       }
-    strcpy(cp->WorkingDirectory, dir);
+    strlcpy(cp->WorkingDirectory, dir, sz);
     }
   return 1;
 }
@@ -489,12 +490,13 @@ int kwsysProcess_SetPipeFile(kwsysProcess* cp, int prP
     }
   if(file)
     {
-    *pfile = malloc(strlen(file)+1);
+    size_t sz = strlen(file)+1;
+    *pfile = malloc(sz);
     if(!*pfile)
       {
       return 0;
       }
-    strcpy(*pfile, file);
+    strlcpy(*pfile, file, sz);
     }
 
   /* If we are redirecting the pipe, do not share it or use a native
@@ -670,7 +672,7 @@ void kwsysProcess_Execute(kwsysProcess* cp)
   /* Initialize the control structure for a new process.  */
   if(!kwsysProcessInitialize(cp))
     {
-    strcpy(cp->ErrorMessage, "Out of memory");
+    strlcpy(cp->ErrorMessage, "Out of memory", sizeof(cp->ErrorMessage));
     cp->State = kwsysProcess_State_Error;
     return;
     }
@@ -1021,7 +1023,7 @@ int kwsysProcess_WaitForData(kwsysProcess* cp, char** 
       {
       /* Select returned an error.  Leave the error description in the
          pipe buffer.  */
-      strncpy(cp->ErrorMessage, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+      strlcpy(cp->ErrorMessage, strerror(errno), sizeof(cp->ErrorMessage));
 
       /* Kill the children now.  */
       kwsysProcess_Kill(cp);
@@ -1146,7 +1148,7 @@ int kwsysProcess_WaitForExit(kwsysProcess* cp, double*
   else
     {
     /* Error getting the child return code.  */
-    strcpy(cp->ErrorMessage, "Error getting child return code.");
+    strlcpy(cp->ErrorMessage, "Error getting child return code.", sizeof(cp->ErrorMessage));
     cp->State = kwsysProcess_State_Error;
     }
 
@@ -1222,7 +1224,7 @@ static int kwsysProcessInitialize(kwsysProcess* cp)
   cp->ExitCode = 1;
   cp->ExitValue = 1;
   cp->ErrorMessage[0] = 0;
-  strcpy(cp->ExitExceptionString, "No exception");
+  strlcpy(cp->ExitExceptionString, "No exception", sizeof(cp->ExitExceptionString));
 
   if(cp->ForkPIDs)
     {
@@ -1589,7 +1591,7 @@ static void kwsysProcessDestroy(kwsysProcess* cp)
       else if(result < 0 && cp->State != kwsysProcess_State_Error)
         {
         /* Unexpected error.  Report the first time this happens.  */
-        strncpy(cp->ErrorMessage, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+        strlcpy(cp->ErrorMessage, strerror(errno), sizeof(cp->ErrorMessage));
         cp->State = kwsysProcess_State_Error;
         }
       }
@@ -1784,7 +1786,7 @@ static kwsysProcessTime kwsysProcessTimeSubtract(kwsys
 /*--------------------------------------------------------------------------*/
 #define KWSYSPE_CASE(type, str) \
   cp->ExitException = kwsysProcess_Exception_##type; \
-  strcpy(cp->ExitExceptionString, str)
+  strlcpy(cp->ExitExceptionString, str, sizeof(cp->ExitExceptionString))
 static void kwsysProcessSetExitException(kwsysProcess* cp, int sig)
 {
   switch (sig)
@@ -1903,7 +1905,8 @@ static void kwsysProcessSetExitException(kwsysProcess*
 #endif
     default:
       cp->ExitException = kwsysProcess_Exception_Other;
-      sprintf(cp->ExitExceptionString, "Signal %d", sig);
+      snprintf(cp->ExitExceptionString, sizeof(cp->ExitExceptionString),
+      	"Signal %d", sig);
       break;
     }
 }
@@ -1916,8 +1919,8 @@ static void kwsysProcessSetExitException(kwsysProcess*
 static void kwsysProcessChildErrorExit(int errorPipe)
 {
   /* Construct the error message.  */
-  char buffer[KWSYSPE_PIPE_BUFFER_SIZE];
-  strncpy(buffer, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE);
+  char buffer[KWSYSPE_PIPE_BUFFER_SIZE+1];
+  strlcpy(buffer, strerror(errno), KWSYSPE_PIPE_BUFFER_SIZE+1);
 
   /* Report the error to the parent through the special pipe.  */
   write(errorPipe, buffer, strlen(buffer));
@@ -2145,7 +2148,7 @@ static void kwsysProcessKill(pid_t process_id)
       if(sscanf(d->d_name, "%d", &pid) == 1 && pid != 0)
         {
         struct stat finfo;
-        sprintf(fname, "/proc/%d/stat", pid);
+        snprintf(fname, sizeof fname, "/proc/%d/stat", pid);
         if(stat(fname, &finfo) == 0)
           {
           FILE* f = fopen(fname, "r");
