$OpenBSD: patch-Http_cpp,v 1.3 2009/10/22 23:07:54 sthen Exp $
--- Http.cpp.orig	Thu Oct 23 10:51:17 2008
+++ Http.cpp	Thu Oct 15 17:59:28 2009
@@ -15,6 +15,7 @@
  */
 
 #include <cstdlib>
+#include <cerrno>
 #include <stdio.h>
 #include <string.h>
 
@@ -41,7 +42,10 @@ static void http_begin_cb( const Response* r, void* us
 static void http_data_cb( const Response* r, void* userdata,
 		   const unsigned char* data, int numbytes )
 {
-  fwrite( data, 1, numbytes, ((Http*)userdata)->m_file );
+  size_t byteswritten;
+  if ( ( byteswritten = fwrite( data, 1, numbytes, ((Http*)userdata)->m_file ) ) != numbytes )
+    fprintf(stderr, "Wrote %d, should have written %d, http status=%d %s\n",
+	    byteswritten, numbytes, r->getstatus(), r->getreason());
   ((Http*)userdata)->m_size += numbytes;
 }
 
@@ -60,7 +64,11 @@ static bool parseUri( const char * uri,
   if ( strncmp(uri,"http://",strlen("http://"))==0 ) {
     uri += strlen("http://");
   }
-  strcpy(outHost,uri);
+  if (strlcpy(outHost,uri,sizeof(outHost)) >= sizeof(outHost)) {
+	errno = ENAMETOOLONG;
+	perror("strlcpy");
+  	return false;
+  }
   char* e = strchr(outHost,'/');
   *outPort = 80;
 
@@ -72,7 +80,11 @@ static bool parseUri( const char * uri,
     *e = '\0';
     *outPort=atoi(e+1);
   }
-  strcpy( outPath, strchr(uri,'/') );
+  if (strlcpy( outPath, strchr(uri,'/'), sizeof(outPath)) >= sizeof(outPath)) {
+	errno = ENAMETOOLONG;
+	perror("strlcpy");
+  	return false;
+  }
   fprintf(stderr,"Http::get host=%s port=%d file=%s\n",outHost,*outPort,outPath);
   return true;
 }
@@ -97,13 +109,12 @@ bool Http::get( const char* uri,
 	fprintf(stderr,"http_get pump\n");
 	con.pump();
       }
-    } catch ( Wobbly w ) {
+    } catch ( const Wobbly& w ) {
       fprintf(stderr,"http_get wobbly: %s\n",w.what());
     }
   }
 
   fclose ( m_file );
-  free( host );
   return m_size > 0;
 }
 
@@ -126,10 +137,12 @@ bool Http::post( const char* uri, const char*putname, 
 	fprintf(stderr,"http_get pump\n");
 	con.pump();
       }
-    } catch ( Wobbly w ) {
+    } catch ( const Wobbly& w ) {
       fprintf(stderr,"http_get wobbly: %s\n",w.what());
+      return false;
     }
   }
+  return true;
 }