=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/rcs/ci.c,v retrieving revision 1.165 retrieving revision 1.166 diff -c -r1.165 -r1.166 *** src/usr.bin/rcs/ci.c 2006/04/29 05:10:16 1.165 --- src/usr.bin/rcs/ci.c 2006/04/29 05:31:28 1.166 *************** *** 1,4 **** ! /* $OpenBSD: ci.c,v 1.165 2006/04/29 05:10:16 ray Exp $ */ /* * Copyright (c) 2005, 2006 Niall O'Higgins * All rights reserved. --- 1,4 ---- ! /* $OpenBSD: ci.c,v 1.166 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005, 2006 Niall O'Higgins * All rights reserved. *************** *** 352,366 **** goto out; } ! strlcpy(path1, rcs_tmpdir, sizeof(path1)); ! strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)); rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_free(b1); b1 = NULL; ! strlcpy(path2, rcs_tmpdir, sizeof(path2)); ! strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)); rcs_buf_write_stmp(b2, path2, 0600); rcs_buf_free(b2); --- 352,368 ---- goto out; } ! if (strlcpy(path1, rcs_tmpdir, sizeof(path1)) >= sizeof(path1) || ! strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)) >= sizeof(path1)) ! errx(1, "path truncated"); rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_free(b1); b1 = NULL; ! if (strlcpy(path2, rcs_tmpdir, sizeof(path2)) >= sizeof(path2) || ! strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)) >= sizeof(path2)) ! errx(1, "path truncated"); rcs_buf_write_stmp(b2, path2, 0600); rcs_buf_free(b2); *************** *** 881,890 **** while (*c++) { if (*c == '$') { end = c - start + 2; ! if (end >= sizeof(buf)) errx(1, "keyword buffer" " too small!"); - strlcpy(buf, start, end); checkin_parsekeyword(buf, rev, date, author, state); break; --- 883,891 ---- while (*c++) { if (*c == '$') { end = c - start + 2; ! if (strlcpy(buf, start, end) >= end) errx(1, "keyword buffer" " too small!"); checkin_parsekeyword(buf, rev, date, author, state); break; *************** *** 970,980 **** *state = xstrdup(tokens[6]); len = strlen(tokens[3]) + strlen(tokens[4]) + 2; datestring = xmalloc(len); ! strlcpy(datestring, tokens[3], len); ! strlcat(datestring, " ", len); ! strlcat(datestring, tokens[4], len); if ((*date = rcs_date_parse(datestring)) <= 0) ! errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_AUTHOR: --- 971,982 ---- *state = xstrdup(tokens[6]); len = strlen(tokens[3]) + strlen(tokens[4]) + 2; datestring = xmalloc(len); ! if (strlcpy(datestring, tokens[3], len) >= len || ! strlcat(datestring, " ", len) >= len || ! strlcat(datestring, tokens[4], len) >= len) ! errx(1, "date too long"); if ((*date = rcs_date_parse(datestring)) <= 0) ! errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_AUTHOR: *************** *** 995,1005 **** } len = strlen(tokens[1]) + strlen(tokens[2]) + 2; datestring = xmalloc(len); ! strlcpy(datestring, tokens[1], len); ! strlcat(datestring, " ", len); ! strlcat(datestring, tokens[2], len); if ((*date = rcs_date_parse(datestring)) <= 0) ! errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_STATE: --- 997,1008 ---- } len = strlen(tokens[1]) + strlen(tokens[2]) + 2; datestring = xmalloc(len); ! if (strlcpy(datestring, tokens[1], len) >= len || ! strlcat(datestring, " ", len) >= len || ! strlcat(datestring, tokens[2], len) >= len) ! errx(1, "date too long"); if ((*date = rcs_date_parse(datestring)) <= 0) ! errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_STATE: