$OpenBSD: patch-Source_kwsys_SystemTools_cxx,v 1.2 2006/07/31 23:55:52 espie Exp $
--- Source/kwsys/SystemTools.cxx.orig	Mon Jul 31 16:49:59 2006
+++ Source/kwsys/SystemTools.cxx	Tue Aug  1 00:32:20 2006
@@ -919,13 +919,14 @@ char* SystemTools::AppendStrings(const c
     return SystemTools::DuplicateString(str1);
     }
   size_t len1 = strlen(str1);
-  char *newstr = new char[len1 + strlen(str2) + 1];
+  size_t tot = len1 + strlen(str2) + 1;
+  char *newstr = new char[tot];
   if (!newstr)
     {
     return 0;
     }
-  strcpy(newstr, str1);
-  strcat(newstr + len1, str2);
+  strlcpy(newstr, str1, tot);
+  strlcat(newstr + len1, str2, tot - len1);
   return newstr;
 }
 
@@ -946,14 +947,15 @@ char* SystemTools::AppendStrings(
     }
 
   size_t len1 = strlen(str1), len2 = strlen(str2);
-  char *newstr = new char[len1 + len2 + strlen(str3) + 1];
+  size_t tot = len1 + len2 + strlen(str3) + 1;
+  char *newstr = new char[tot];
   if (!newstr)
     {
     return 0;
     }
-  strcpy(newstr, str1);
-  strcat(newstr + len1, str2);
-  strcat(newstr + len1 + len2, str3);
+  strlcpy(newstr, str1, tot);
+  strlcat(newstr + len1, str2, tot - len1);
+  strlcat(newstr + len1 + len2, str3, tot - len1 - len2);
   return newstr;
 }
 
@@ -1121,8 +1123,10 @@ char* SystemTools::DuplicateString(const
 {
   if (str)
     {
-    char *newstr = new char [strlen(str) + 1];
-    return strcpy(newstr, str);
+    size_t sz = strlen(str)+1;
+    char *newstr = new char [sz];
+    strlcpy(newstr, str, sz);
+    return newstr;
     }
   return NULL;
 }
@@ -1783,7 +1787,7 @@ bool SystemTools::ConvertDateMacroString
   static char month_names[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
 
   char buffer[12];
-  strcpy(buffer, str);
+  strlcpy(buffer, str, sizeof buffer);
 
   buffer[3] = 0;
   char *ptr = strstr(month_names, buffer);
@@ -1834,7 +1838,7 @@ bool SystemTools::ConvertTimeStampMacroS
   static char month_names[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
 
   char buffer[27];
-  strcpy(buffer, str);
+  strlcpy(buffer, str, sizeof buffer);
 
   buffer[7] = 0;
   char *ptr = strstr(month_names, buffer + 4);
@@ -3245,12 +3249,12 @@ bool SystemTools::GetShortPath(const cha
   // if the path passed in has quotes around it, first remove the quotes
   if (path[0] == '"' && path[strlen(path)-1] == '"')
     {
-    strcpy(tempPath,path+1);
+    strlcpy(tempPath,path+1, size);
     tempPath[strlen(tempPath)-1] = '\0';
     }
   else
     {
-    strcpy(tempPath,path);
+    strlcpy(tempPath,path, size);
     }
   
   buffer[0] = 0;