===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sendbug/sendbug.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- src/usr.bin/sendbug/sendbug.c	2007/03/27 03:40:44	1.32
+++ src/usr.bin/sendbug/sendbug.c	2007/03/27 04:15:00	1.33
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sendbug.c,v 1.32 2007/03/27 03:40:44 ray Exp $	*/
+/*	$OpenBSD: sendbug.c,v 1.33 2007/03/27 04:15:00 ray Exp $	*/
 
 /*
  * Written by Ray Lai <ray@cyth.net>.
@@ -285,41 +285,46 @@
 void
 init(void)
 {
-	size_t amp, len, namelen;
-	const char *src;
+	size_t amp, len, gecoslen, namelen;
 	int sysname[2];
-	char *dst, *cp;
+	char ch, *cp;
 
 	if ((pw = getpwuid(getuid())) == NULL)
 		err(1, "getpwuid");
 	namelen = strlen(pw->pw_name);
 
 	/* Count number of '&'. */
-	for (amp = 0, src = pw->pw_gecos; *src && *src != ','; ++src)
-		if (*src == '&')
+	for (amp = 0, cp = pw->pw_gecos; *cp && *cp != ','; ++cp)
+		if (*cp == '&')
 			++amp;
+
+	/* Truncate gecos to full name. */
+	gecoslen = cp - pw->pw_gecos;
+	pw->pw_gecos[gecoslen] = '\0';
+
 	/* Expanded str = orig str - '&' chars + concatenated logins. */
-	len = (src - pw->pw_gecos) - amp + (amp * namelen);
-	if ((fullname = malloc(len + 1)) == NULL)
+	len = gecoslen - amp + (amp * namelen) + 1;
+	if ((fullname = malloc(len)) == NULL)
 		err(1, "malloc");
 
-	dst = fullname;
-	src = pw->pw_gecos;
-	while (*src != ',' && *src != '\0') {
-		/* Copy text up to ',' or '&' and skip. */
-		len = strcspn(src, ",&");
-		memcpy(dst, src, len);
-		dst += len;
-		src += len;
-		/* Replace '&' with login. */
-		if (*src == '&') {
-			memcpy(dst, pw->pw_name, namelen);
-			*dst = toupper((unsigned char)*dst);
-			dst += namelen;
-			++src;
-		}
+	/* Upper case first char of login. */
+	ch = pw->pw_name[0];
+	pw->pw_name[0] = toupper((unsigned char)pw->pw_name[0]);
+
+	cp = pw->pw_gecos;
+	fullname[0] = '\0';
+	while (cp != NULL) {
+		char *token;
+
+		token = strsep(&cp, "&");
+		if (token != pw->pw_gecos &&
+		    strlcat(fullname, pw->pw_name, len) >= len)
+			errx(1, "truncated string");
+		if (strlcat(fullname, token, len) >= len)
+			errx(1, "truncated string");
 	}
-	*dst = '\0';
+	/* Restore case of first char of login. */
+	pw->pw_name[0] = ch;
 
 	sysname[0] = CTL_KERN;
 	sysname[1] = KERN_OSTYPE;