$OpenBSD: patch-gnats_file-pr_c,v 1.2 2007/12/28 17:11:25 espie Exp $
--- gnats/file-pr.c.orig	Tue May  8 16:09:45 2001
+++ gnats/file-pr.c	Fri Dec 28 18:00:24 2007
@@ -51,7 +51,6 @@ gnats (fp)
   char *subject = NULL, *synopsis = NULL;
   char *p;
   char message[STR_MAX];
-  char *from_address;
 
   mode_t mode;
   struct stat sbuf;
@@ -97,7 +96,8 @@ gnats (fp)
   bug_group = field_value (CATEGORY);
   if (find_category (&category, bug_group) == -1)
     {
-      sprintf (message, "%s from: %s\n", default_category, bug_group);
+      snprintf (message, sizeof(message), "%s from: %s\n", default_category,
+		bug_group);
       log_msg (LOG_INFO, 1, "resetting bug category to ", message);
       bug_group = default_category;
       set_field (CATEGORY, default_category);
@@ -170,7 +170,7 @@ gnats (fp)
       /* The `Subject:' line is assumed to have a newline at the end.  */
       int l = strlen (synopsis);
       char *buf = (char *) xmalloc (l + 2);
-      strcpy (buf, synopsis);
+      strlcpy (buf, synopsis, l + 2);
       buf[l] = '\n';
       buf[l + 1] = '\0';
       set_header (SUBJECT, buf);
@@ -209,7 +209,7 @@ gnats (fp)
   /* Put together the path to where the bug will be stored.  If the dir
      is not there, and the category is the default, auto-create that one,
      if we want to.  If not, make the bug pending, and store in there.  */
-  sprintf (path, "%s/%s", gnats_root, bug_group);
+  snprintf (path, PATH_MAX, "%s/%s", gnats_root, bug_group);
   err = stat (path, &sbuf);
   if (err == -1 && !flag_autocreate)
     {
@@ -217,7 +217,7 @@ gnats (fp)
       set_field (CATEGORY, default_category);
       log_msg (LOG_INFO, 1, "directory does not exist, changing to default:",
 	       path);
-      sprintf (path, "%s/%s", gnats_root, bug_group);
+      snprintf (path, PATH_MAX, "%s/%s", gnats_root, bug_group);
       err = stat (path, &sbuf);
     }
 
@@ -254,7 +254,7 @@ gnats (fp)
 
   /* Retrieve a unique bug number.  */
   bug_number = get_bug_number ();
-  sprintf (number, "%d", bug_number);
+  snprintf (number, sizeof(number), "%d", bug_number);
   set_field (NUMBER, number);
 
   /* Make sure all the values are ok; patch in any bogons, and keep
@@ -262,8 +262,8 @@ gnats (fp)
   bad_enums = check_enum_types (1);
  
   /* Write the file out.  */
-  sprintf (bug_name, "%s/%d", bug_group, bug_number);
-  sprintf (path, "%s/%s", gnats_root, bug_name);
+  snprintf (bug_name, sizeof(bug_name), "%s/%d", bug_group, bug_number);
+  snprintf (path, PATH_MAX, "%s/%s", gnats_root, bug_name);
   create_report (path, 1);
   log_msg (LOG_INFO, 1, "PR written out:", path);
 
@@ -345,9 +345,10 @@ run_atpr (submitter, expired, bug_name, path)
   int len, i;
   static char *ats[] = { "/usr/bin/at", "/bin/at", NULL };
 
-  at_pr = (char *) xmalloc (strlen (bindir) + 7);
-  strcpy (at_pr, bindir);
-  strcat (at_pr, "/at-pr");
+  len = strlen (bindir) + 7;
+  at_pr = (char *) xmalloc (len);
+  strlcpy (at_pr, bindir, len);
+  strlcat (at_pr, "/at-pr", len);
 
   len = strftime (buf, GNATS_TIME_LENGTH, "%H:%M %b %d", expired);
 
@@ -355,8 +356,9 @@ run_atpr (submitter, expired, bug_name, path)
     {
       if (access (ats[i], X_OK) == 0)
 	{
-	  command = (char *) xmalloc (len + strlen (ats[i]) + 2);
-	  sprintf (command, "%s %s", ats[i], buf);
+	  len += strlen (ats[i]) + 2;
+	  command = (char *) xmalloc (len);
+	  snprintf (command, len, "%s %s", ats[i], buf);
 	  break;
 	}
     }
@@ -410,7 +412,7 @@ check_if_reply ()
   if (*s == '\0')
     return NULL;
 
-  strcpy (token, s);
+  strlcpy (token, s, sizeof(token));
   s = token;
 
   re_set_syntax (RE_NO_BK_PARENS);
@@ -487,7 +489,7 @@ check_if_reply ()
   else
     {
       path = xmalloc (PATH_MAX);
-      sprintf (path, "%s/%s", gnats_root, s + start);
+      snprintf (path, PATH_MAX, "%s/%s", gnats_root, s + start);
     }
   if (stat (path, &buf) == -1)
     {
@@ -513,12 +515,11 @@ derive_submitter ()
   char *compare;
 
   char *name, *alias, *s, *t;
-  int i, start, end;
 
   FILE *fp;
 
   from_address = header_value (FROM);
-  strcpy (from_string, from_address);
+  strlcpy (from_string, from_address, sizeof(from_string));
 
   if ((*from_string == '\0') || (*from_string == '\n'))
   {
@@ -540,7 +541,7 @@ derive_submitter ()
       if ((*t == ' ') || (*t == '\n'))
 	*t = '\0';
     }
-  sprintf (path, "%s/gnats-adm/addresses", gnats_root);
+  snprintf (path, sizeof(path), "%s/gnats-adm/addresses", gnats_root);
   if ((fp = fopen (path, "r")) == (FILE *) NULL)
   {
     xfree (token);
@@ -686,8 +687,8 @@ append_notify (person)
 	   notify = (char *) xrealloc (notify, notify_size);
 	 }
 
-       strcat (notify, n);
-       strcat (notify, ", ");
+       strlcat (notify, n, STR_MAX);
+       strlcat (notify, ", ", STR_MAX);
        notify_len += i + 2;
 
        p = start;
@@ -701,14 +702,15 @@ append_notify (person)
 }
 
 static void
-try_append_notify (notify, string)
+try_append_notify (notify, string, len)
      char *notify;
      char *string;
+     size_t len;
 {
   char *try = append_notify (string);
   if (try != NULL)
     {
-      strcat (notify, try);
+      strlcat (notify, try, len);
       xfree (try);
     }
 }
@@ -729,13 +731,13 @@ notify_responsible (responsible, subcontact, subnotify
 
   notify[0] = '\0';
 
-  try_append_notify (notify, subcontact);
-  try_append_notify (notify, subnotify);
-  try_append_notify (notify, cnotify);
+  try_append_notify (notify, subcontact, BUFSIZ);
+  try_append_notify (notify, subnotify, BUFSIZ);
+  try_append_notify (notify, cnotify, BUFSIZ);
 
   {
     char *gnotify = (char *) strdup (header_value (X_GNATS_NOTIFY));
-    try_append_notify (notify, gnotify);
+    try_append_notify (notify, gnotify, BUFSIZ);
     xfree (gnotify);
   }
 
@@ -897,7 +899,7 @@ append_report (infile, filename)
   time_t t;
   /* Where to keep the static index if necessary.  */
   Index *current_index = (Index *)NULL;
-  Index *i, *prev_index = NULL, *old_index = NULL;
+  Index *i;
 
   /* Save the values we read while in main().  */
   from = (char *) strdup (header_value (FROM));
@@ -934,15 +936,15 @@ append_report (infile, filename)
 
   /* Separate this from the rest of the audit trail.  */
   APPEND_STRING ((char*)"\n", buf, b, buf_len, buf_max, l, 0);
-  sprintf (line, "From: %s", from);
+  snprintf (line, STR_MAXLONG, "From: %s", from);
   APPEND_STRING (line, buf, b, buf_len, buf_max, l, 0);
-  sprintf (line, "To: %s", to);
+  snprintf (line, STR_MAXLONG, "To: %s", to);
   APPEND_STRING (line, buf, b, buf_len, buf_max, l, 0);
-  sprintf (line, "Cc: %s", cc);
+  snprintf (line, STR_MAXLONG, "Cc: %s", cc);
   APPEND_STRING (line, buf, b, buf_len, buf_max, l, 0);
-  sprintf (line, "Subject: %s", subject);
+  snprintf (line, STR_MAXLONG, "Subject: %s", subject);
   APPEND_STRING (line, buf, b, buf_len, buf_max, l, 0);
-  sprintf (line, "Date: %s", date);
+  snprintf (line, STR_MAXLONG, "Date: %s", date);
   APPEND_STRING (line, buf, b, buf_len, buf_max, l, 0);
   APPEND_STRING ((char*)"\n", buf, b, buf_len, buf_max, l, 0);
 
@@ -988,7 +990,7 @@ append_report (infile, filename)
         {
           t = get_date (date, NULL);         
           i->last_modified = (char *) xmalloc (18);
-          sprintf (i->last_modified, "%d", t);    
+          snprintf (i->last_modified, 18, "%d", t);    
           /* write out the new index.  */
           write_index (current_index);
           break; 
@@ -1073,7 +1075,7 @@ get_bug_number ()
   /* First try to find and lock the gnats lock file.  We need this since
      they want every bug to have a unique number.  If lock doesn't exist,
      make it, if possible.  */
-  sprintf (sbuf, "%s/gnats-adm/current", gnats_root);
+  snprintf (sbuf, sizeof(sbuf), "%s/gnats-adm/current", gnats_root);
 
   block_signals ();
 
