$OpenBSD: patch-protocols_yahoo_yahoo_httplib_c,v 1.1 2004/06/20 16:27:49 naddy Exp $
--- protocols/yahoo/yahoo_httplib.c.orig	2004-03-18 07:21:12.000000000 +1100
+++ protocols/yahoo/yahoo_httplib.c	2004-06-09 20:32:18.000000000 +1000
@@ -101,7 +101,7 @@ int yahoo_tcp_readline(char *ptr, int ma
 }
 
 static int url_to_host_port_path(const char *url,
-		char *host, int *port, char *path)
+		char *host, size_t host_len, int *port, char *path, size_t path_len)
 {
 	char *urlcopy=NULL;
 	char *slash=NULL;
@@ -136,13 +136,13 @@ static int url_to_host_port_path(const c
 	}
 
 	if(!slash) {
-		strcpy(path, "/");
+		strlcpy(path, "/", path_len);
 	} else {
-		strcpy(path, slash);
+		strlcpy(path, slash, path_len);
 		*slash = 0;
 	}
 
-	strcpy(host, urlcopy);
+	strlcpy(host, urlcopy, host_len);
 	
 	FREE(urlcopy);
 
@@ -159,8 +159,9 @@ char *yahoo_urlencode(const char *instr)
 	int ipos=0, bpos=0;
 	char *str = NULL;
 	int len = strlen(instr);
+	size_t str_len = 3*len + 1;
 
-	if(!(str = y_new(char, 3*len + 1) ))
+	if(!(str = y_new(char, str_len) ))
 		return "";
 
 	while(instr[ipos]) {
@@ -169,7 +170,7 @@ char *yahoo_urlencode(const char *instr)
 		if(!instr[ipos])
 			break;
 		
-		snprintf(&str[bpos], 4, "%%%.2x", instr[ipos]);
+		snprintf(&str[bpos], str_len - bpos, "%%%.2x", instr[ipos]);
 		bpos+=3;
 		ipos++;
 	}
@@ -318,7 +319,7 @@ void yahoo_http_post(int id, const char 
 	char path[255];
 	char buff[1024];
 	
-	if(!url_to_host_port_path(url, host, &port, path))
+	if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path)))
 		return;
 
 	snprintf(buff, sizeof(buff), 
@@ -343,7 +344,7 @@ void yahoo_http_get(int id, const char *
 	char path[255];
 	char buff[1024];
 	
-	if(!url_to_host_port_path(url, host, &port, path))
+	if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path)))
 		return;
 
 	snprintf(buff, sizeof(buff),