$OpenBSD: patch-webalizer_c,v 1.3 2002/04/17 16:17:45 danh Exp $ --- webalizer.c.orig Wed Apr 17 11:59:59 2002 +++ webalizer.c Wed Apr 17 12:05:26 2002 @@ -263,7 +263,7 @@ int main(int argc, char *argv[]) /* add default index. alias */ add_nlist("index.",&index_alias); - sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR); + snprintf(tmp_buf,sizeof tmp_buf,"%s/webalizer.conf",ETCDIR); /* check for default config file */ if (!access("webalizer.conf",F_OK)) get_config("webalizer.conf"); @@ -560,7 +560,7 @@ int main(int argc, char *argv[]) } /* got a record... */ - strcpy(tmp_buf, buffer); /* save buffer in case of error */ + strlcpy(tmp_buf, buffer, sizeof tmp_buf); /* save buffer in case of error */ if (parse_record(buffer)) /* parse the record */ { /*********************************************/ @@ -750,7 +750,7 @@ int main(int argc, char *argv[]) if (!isurlchar(*cp1)) { /* Save query portion in log.rec.srchstr */ - strncpy(log_rec.srchstr,cp1,MAXSRCH); + strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr); *cp1++='\0'; break; } @@ -1007,7 +1007,7 @@ int main(int argc, char *argv[]) /* Catch blank hostnames here */ if (log_rec.hostname[0]=='\0') - strncpy(log_rec.hostname,"Unknown",8); + strlcpy(log_rec.hostname,"Unknown",sizeof log_rec.hostname); /* Ignore/Include check */ if ( (isinlist(include_sites,log_rec.hostname)==NULL) && @@ -1809,7 +1809,7 @@ void srch_string(char *ptr) if ( (cps=isinglist(search_list,log_rec.refer))==NULL) return; /* Try to find query variable */ - srch[0]='?'; strcpy(&srch[1],cps); /* First, try "?..." */ + srch[0]='?'; strlcpy(&srch[1],cps,(sizeof srch) - 1); /* First, try "?..." */ if ((cp1=strstr(ptr,srch))==NULL) { srch[0]='&'; /* Next, try "&..." */