$OpenBSD: patch-balance_c,v 1.6 2003/06/30 18:46:23 pvalchev Exp $
--- balance.c.orig	Sat Sep 15 16:34:56 2001
+++ balance.c	Tue Jun 24 11:35:55 2003
@@ -673,11 +673,13 @@ static usage() {
   char* version;
   char* revision_copy;
   char* token;
+  size_t rev_len;
 
-  if((revision_copy=(char*) malloc(strlen(revision)+1))==NULL) {
+  rev_len = strlen(revision)+1;
+  if((revision_copy=(char*) malloc(rev_len))==NULL) {
     fprintf(stderr,"malloc problem in usage()\n");
   } else {
-    strcpy(revision_copy, revision);
+    strlcpy(revision_copy, revision, rev_len);
     token=strtok(revision_copy," ");
     token=strtok(NULL," ");
     version=token!=NULL?token:"*undefined*";
@@ -882,7 +884,8 @@ shell() {
 	printf("  version               show version id\n");
 
       } else if(mycmp(command,"disable")) {
-        char* arg, n; 
+        char* arg;
+	int n;
         if((arg=strtok(NULL," \t\n")) != NULL) {
 	  n=atoi(arg);
 	  if(n<0 || n >= grp_nchannels(common,currentgroup)) {
@@ -900,7 +903,8 @@ shell() {
 	  printf("syntax error\n");
 	}
       } else if(mycmp(command,"group")) {
-        char* arg, n; 
+        char* arg;
+	int n;
         if((arg=strtok(NULL," \t\n")) != NULL) {
 	  n=atoi(arg);
           if(n>=MAXGROUPS || n<0) {
@@ -913,7 +917,8 @@ shell() {
 	}
 
       } else if(mycmp(command,"reset")) {	// reset channel counters
-        char* arg, n; 
+        char* arg;
+	int n;
 
         if((arg=strtok(NULL," \t\n")) != NULL) {
 	  n=atoi(arg);
@@ -931,7 +936,8 @@ shell() {
 
       } else if(mycmp(command,"enable")) {
 
-        char* arg, n; 
+        char* arg;
+	int n;
         if((arg=strtok(NULL," \t\n")) != NULL) {
 	  n=atoi(arg);
 	  if(n<0 || n >= grp_nchannels(common,currentgroup)) {
@@ -1122,10 +1128,10 @@ char	*argv[];
   serv_addr.sin_family      = AF_INET;
   if(bindhost != NULL) {
     setipaddress(&serv_addr.sin_addr, bindhost);
-    sprintf(bindhost_address, inet_ntoa(serv_addr.sin_addr));
+    snprintf(bindhost_address, sizeof(bindhost_address), inet_ntoa(serv_addr.sin_addr));
   } else {
     serv_addr.sin_addr.s_addr=htonl(INADDR_ANY);
-    sprintf(bindhost_address,"0.0.0.0");
+    snprintf(bindhost_address, sizeof(bindhost_address), "0.0.0.0");
   }
   serv_addr.sin_port=htons(source_port);
 
@@ -1135,7 +1141,7 @@ char	*argv[];
      struct stat buffer;
      int fd;
 
-     sprintf(rendezvousfile,"%sbalance.%d.%s",SHMDIR,source_port,bindhost_address);
+     snprintf(rendezvousfile, sizeof(rendezvousfile), "%sbalance.%d.%s", SHMDIR, source_port, bindhost_address);
 
      if(stat(rendezvousfile, &buffer) == -1) {
        // File existiert (noch) nicht ...