$OpenBSD: patch-protocols_yahoo_yahoo_httplib_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ --- protocols/yahoo/yahoo_httplib.c.orig 2004-03-18 07:21:12.000000000 +1100 +++ protocols/yahoo/yahoo_httplib.c 2004-06-09 20:32:18.000000000 +1000 @@ -101,7 +101,7 @@ int yahoo_tcp_readline(char *ptr, int ma } static int url_to_host_port_path(const char *url, - char *host, int *port, char *path) + char *host, size_t host_len, int *port, char *path, size_t path_len) { char *urlcopy=NULL; char *slash=NULL; @@ -136,13 +136,13 @@ static int url_to_host_port_path(const c } if(!slash) { - strcpy(path, "/"); + strlcpy(path, "/", path_len); } else { - strcpy(path, slash); + strlcpy(path, slash, path_len); *slash = 0; } - strcpy(host, urlcopy); + strlcpy(host, urlcopy, host_len); FREE(urlcopy); @@ -159,8 +159,9 @@ char *yahoo_urlencode(const char *instr) int ipos=0, bpos=0; char *str = NULL; int len = strlen(instr); + size_t str_len = 3*len + 1; - if(!(str = y_new(char, 3*len + 1) )) + if(!(str = y_new(char, str_len) )) return ""; while(instr[ipos]) { @@ -169,7 +170,7 @@ char *yahoo_urlencode(const char *instr) if(!instr[ipos]) break; - snprintf(&str[bpos], 4, "%%%.2x", instr[ipos]); + snprintf(&str[bpos], str_len - bpos, "%%%.2x", instr[ipos]); bpos+=3; ipos++; } @@ -318,7 +319,7 @@ void yahoo_http_post(int id, const char char path[255]; char buff[1024]; - if(!url_to_host_port_path(url, host, &port, path)) + if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path))) return; snprintf(buff, sizeof(buff), @@ -343,7 +344,7 @@ void yahoo_http_get(int id, const char * char path[255]; char buff[1024]; - if(!url_to_host_port_path(url, host, &port, path)) + if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path))) return; snprintf(buff, sizeof(buff),