diff -ru sbin/camcontrol.orig/camcontrol.c sbin/camcontrol/camcontrol.c
--- sbin/camcontrol.orig/camcontrol.c 2003-06-17 01:27:32.000000000 -0300
+++ sbin/camcontrol/camcontrol.c 2004-10-27 22:13:09.000000000 -0200
@@ -251,16 +251,16 @@
 switch (ccb->cgdl.status) {
 case CAM_GDEVLIST_MORE_DEVS:
- strcpy(status, "MORE");
+ strlcpy(status, "MORE", sizeof(status));
 break;
 case CAM_GDEVLIST_LAST_DEVICE:
- strcpy(status, "LAST");
+ strlcpy(status, "LAST", sizeof(status));
 break;
 case CAM_GDEVLIST_LIST_CHANGED:
- strcpy(status, "CHANGED");
+ strlcpy(status, "CHANGED", sizeof(status));
 break;
 case CAM_GDEVLIST_ERROR:
- strcpy(status, "ERROR");
+ strlcpy(status, "ERROR", sizeof(status));
 error = 1;
 break;
 }
@@ -396,8 +396,8 @@
 dev_result->inq_data.revision,
 sizeof(dev_result->inq_data.revision),
 sizeof(revision));
- sprintf(tmpstr, "<%s %s %s>", vendor, product,
- revision);
+ snprintf(tmpstr, sizeof(tmpstr), "<%s %s %s>",
+ vendor, product, revision);
 if (need_close) {
 fprintf(stdout, ")\n");
 need_close = 0;
@@ -3363,9 +3363,10 @@
 * KDM, September 8th, 1998
 */
 if (subopt != NULL)
- sprintf(combinedopt, "%s%s", mainopt, subopt);
+ snprintf(combinedopt, sizeof(combinedopt), "%s%s", mainopt,
+ subopt);
 else
- sprintf(combinedopt, "%s", mainopt);
+ snprintf(combinedopt, sizeof(combinedopt), "%s", mainopt);
 /*
 * For these options we do not parse optional device arguments and
diff -ru sbin/camcontrol.orig/modeedit.c sbin/camcontrol/modeedit.c
--- sbin/camcontrol.orig/modeedit.c 2003-06-17 01:27:32.000000000 -0300
+++ sbin/camcontrol/modeedit.c 2004-10-27 22:13:24.000000000 -0200
@@ -287,7 +287,7 @@
 if ((cval = malloc(dest->size + 1)) == NULL)
 err(EX_OSERR, NULL);
 bzero(cval, dest->size + 1);
- strncpy(cval, newvalue, dest->size);
+ strlcpy(cval, newvalue, dest->size + 1);
 if (dest->type == 'z') {
 /* Convert trailing spaces to nulls. */
 char *convertend;
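Review bot: The `snprintf` calls that build `combinedopt` in the hunk at -3363 discard the return value, so an over-long `mainopt`/`subopt` pair is now cut short silently; the trailing comment suggests the string is used for option parsing, where a truncated string would presumably drop options without any diagnostic. Comparing the result with the buffer size makes that visible, e.g. `if ((size_t)snprintf(combinedopt, sizeof(combinedopt), "%s%s", mainopt, subopt) >= sizeof(combinedopt)) errx(1, "option string too long");`. The same unchecked pattern is in the `tmpstr` hunk at -396, where truncation only shortens a displayed string. `sizeof(combinedopt)` is the right bound only if `combinedopt` is an array; its declaration is outside the hunk.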
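Review bot: `strlcpy(cval, newvalue, dest->size + 1)` in the modeedit.c hunk at -287 is not a drop-in for the `strncpy` it replaces: `strncpy` reads at most `dest->size` bytes of the source, while `strlcpy` scans to the source's terminating NUL to compute its return value, so `newvalue` must be NUL-terminated. Whether that always holds is decided outside the hunk; a comment such as `/* newvalue must be NUL-terminated: strlcpy() scans the whole source */` would record the assumption. The same applies to `strlcpy(p, (char *)arg, count + 1)` in the util.c hunk at -130, where the cast suggests `arg` is not declared as a string.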
@@ -466,7 +466,7 @@
 /* Reset the processor state. */
 SETSTATE_LOCATE;
 } else if (depth == 0 && ! BUFFERFULL(str_pagenum)) {
- strncat(str_pagenum, &c, 1);
+ strlcat(str_pagenum, &c, sizeof(str_pagenum));
 } else if (depth == 0) {
 errx(EX_OSFILE, "%s:%d: %s %d %s", pagedb_path, lineno, "page identifier exceeds",
@@ -482,7 +482,7 @@
 */
 state = LOCATE;
 } else if (! BUFFERFULL(str_pagename)) {
- strncat(str_pagename, &c, 1);
+ strlcat(str_pagename, &c, sizeof(str_pagename));
 } else {
 errx(EX_OSFILE, "%s:%d: %s %d %s", pagedb_path, lineno, "page name exceeds",
@@ -499,7 +499,7 @@
 found = 1;
 SETSTATE_LOCATE;
 } else if (! BUFFERFULL(format)) {
- strncat(format, &c, 1);
+ strlcat(format, &c, sizeof(str_pagename));
 } else {
 errx(EX_OSFILE, "%s:%d: %s %d %s", pagedb_path, lineno, "page definition exceeds",
@@ -721,6 +721,7 @@
 char *commandline;
 int fd;
 int written;
+ size_t cmdlen;
 if (!isatty(fileno(stdin))) {
 /* Not a tty, read changes from stdin. */
@@ -757,10 +758,11 @@
 * are to hold the argument separator (a space), and the terminating
 * null character.
 */
- commandline = malloc(strlen(editor) + strlen(edit_path) + 2);
+ cmdlen = strlen(editor) + strlen(edit_path) + 2;
+ commandline = malloc(cmdlen);
 if (commandline == NULL)
 err(EX_OSERR, NULL);
- sprintf(commandline, "%s %s", editor, edit_path);
+ snprintf(commandline, cmdlen, "%s %s", editor, edit_path);
 /* Invoke the editor on the temp file. */
 if (system(commandline) == -1)
diff -ru sbin/camcontrol.orig/util.c sbin/camcontrol/util.c
--- sbin/camcontrol.orig/util.c 2003-06-17 01:27:32.000000000 -0300
+++ sbin/camcontrol/util.c 2004-10-27 22:13:09.000000000 -0200
@@ -130,7 +130,7 @@
 }
 bzero(p, count +1);
- strncpy(p, (char *)arg, count);
+ strlcpy(p, (char *)arg, count + 1);
 if (letter == 'z') { int i;
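Review bot: `strlcat(str_pagenum, &c, sizeof(str_pagenum))` in the hunk at -466 passes the address of a single character where `strlcat` expects a NUL-terminated string, so it reads past `c` until it meets a zero byte and may append whatever lies there; the removed `strncat(str_pagenum, &c, 1)` was bounded to one byte. The same substitution is made in the hunks at -482 and -499. `c` is declared outside the hunk, but the old length argument of 1 indicates it is a lone character. Either keep the `strncat` call, which the `BUFFERFULL` guard already protects, or append through a two-byte string: `char one[2] = { c, '\0' };` followed by `strlcat(str_pagenum, one, sizeof(str_pagenum));`.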
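Review bot: The bound in `strlcat(format, &c, sizeof(str_pagename))` in the hunk at -499 is the size of a different buffer from the one being written, which looks like a copy-paste from the hunk before it. If `format` is smaller than `str_pagename` the call can write past its end, and if it is larger the limit is needlessly low. `format` is declared outside the hunk, so it is also unclear whether `sizeof(format)` would yield an array size or a pointer size. The bound should be the same capacity that `BUFFERFULL(format)` tests against, e.g. `sizeof(format)` if `format` is an array.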
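Review bot: The bounded `snprintf` in the hunk at -757 still builds a string that the trailing context hands to `system()`, so `editor` and `edit_path` are parsed by the shell and any metacharacter in either is interpreted rather than passed through. Where `editor` is set is outside the hunk; if it is taken from the environment, that matters for a program installed under sbin. If the shell is kept so that an editor setting can carry arguments, a comment should say so, e.g. `/* commandline is run by sh(1): editor may contain arguments, edit_path must be shell-safe */`; otherwise running the editor with an explicit argument vector avoids the shell. The function body starts and ends outside the hunk.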