From 2fbb987bd63ae720fed1fbf320a3ed9498a8fe65 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sat, 17 Jan 2015 05:31:29 +0000
Subject: [PATCH] eliminate strcpy & strcat, by using strlcpy, strlcat or
 snprintf where suitable. ok jsg

---
 libexec/tradcpp/files.c |  6 +-----
 libexec/tradcpp/macro.c |  4 ++--
 libexec/tradcpp/utils.c | 10 ++++------
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/libexec/tradcpp/files.c b/libexec/tradcpp/files.c
index ea151b23286..e5e945581bb 100644
--- a/libexec/tradcpp/files.c
+++ b/libexec/tradcpp/files.c
@@ -313,11 +313,7 @@ mkfilename(struct place *place, const char *dir, const char *file)
 
 	rlen = dlen + (needslash ? 1 : 0) + flen;
 	ret = domalloc(rlen + 1);
-	strcpy(ret, dir);
-	if (needslash) {
-		strcat(ret, "/");
-	}
-	strcat(ret, file);
+	snprintf(ret, rlen+1, "%s%s%s", dir, needslash ? "/" : "", file);
 	return ret;
 }
 
diff --git a/libexec/tradcpp/macro.c b/libexec/tradcpp/macro.c
index 21059801333..8fe1e372aeb 100644
--- a/libexec/tradcpp/macro.c
+++ b/libexec/tradcpp/macro.c
@@ -779,10 +779,10 @@ expand_substitute(struct place *p, struct expstate *es)
 	for (i=0; i<num; i++) {
 		ei = expansionitemarray_get(&es->curmacro->expansion, i);
 		if (ei->isstring) {
-			strcat(ret, ei->string);
+			strlcat(ret, ei->string, len+1);
 		} else {
 			arg = stringarray_get(&es->args, ei->param);
-			strcat(ret, arg);
+			strlcat(ret, arg, len+1);
 		}
 	}
 
diff --git a/libexec/tradcpp/utils.c b/libexec/tradcpp/utils.c
index d4ab7a119ba..8be2d1e859b 100644
--- a/libexec/tradcpp/utils.c
+++ b/libexec/tradcpp/utils.c
@@ -29,6 +29,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
 #include <assert.h>
 
 #include "utils.h"
@@ -170,7 +171,7 @@ dostrdup(const char *s)
 
 	len = strlen(s);
 	ret = domalloc(len+1);
-	strcpy(ret, s);
+	strlcpy(ret, s, len+1);
 	return ret;
 }
 
@@ -182,8 +183,7 @@ dostrdup2(const char *s, const char *t)
 
 	len = strlen(s) + strlen(t);
 	ret = domalloc(len+1);
-	strcpy(ret, s);
-	strcat(ret, t);
+	snprintf(ret, len+1, "%s%s", s, t);
 	return ret;
 }
 
@@ -195,9 +195,7 @@ dostrdup3(const char *s, const char *t, const char *u)
 
 	len = strlen(s) + strlen(t) + strlen(u);
 	ret = domalloc(len+1);
-	strcpy(ret, s);
-	strcat(ret, t);
-	strcat(ret, u);
+	snprintf(ret, len+1, "%s%s%s", s, t, u);
 	return ret;
 }
 
-- 
2.20.1