From 9a33f5bfb221170e823efd3c33ab5d331baf7c74 Mon Sep 17 00:00:00 2001
From: dholland <dholland@NetBSD.org>
Date: Sun, 7 Jun 2009 20:13:18 +0000
Subject: sprintf -> snprintf, plus some use of strlcpy/strlcat where
 appropriate XXX: there's still one sprintf left which will take some hacking
 to expunge.

---
 hack/hack.options.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

(limited to 'hack/hack.options.c')

diff --git a/hack/hack.options.c b/hack/hack.options.c
index b03454aa..e01a0d04 100644
--- a/hack/hack.options.c
+++ b/hack/hack.options.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.options.c,v 1.8 2009/06/07 18:30:39 dholland Exp $	*/
+/*	$NetBSD: hack.options.c,v 1.9 2009/06/07 20:13:18 dholland Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: hack.options.c,v 1.8 2009/06/07 18:30:39 dholland Exp $");
+__RCSID("$NetBSD: hack.options.c,v 1.9 2009/06/07 20:13:18 dholland Exp $");
 #endif				/* not lint */
 
 #include <stdlib.h>
@@ -237,7 +237,8 @@ bad:
 int
 doset(void)
 {
-	char            buf[BUFSZ];
+	char buf[BUFSZ];
+	size_t pos;
 
 	pline("What options do you want to set? ");
 	getlin(buf);
@@ -245,22 +246,24 @@ doset(void)
 		(void) strcpy(buf, "HACKOPTIONS=");
 		(void) strcat(buf, flags.female ? "female," : "male,");
 		if (flags.standout)
-			(void) strcat(buf, "standout,");
+			(void) strlcat(buf, "standout,", sizeof(buf));
 		if (flags.nonull)
-			(void) strcat(buf, "nonull,");
+			(void) strlcat(buf, "nonull,", sizeof(buf));
 		if (flags.nonews)
-			(void) strcat(buf, "nonews,");
+			(void) strlcat(buf, "nonews,", sizeof(buf));
 		if (flags.time)
-			(void) strcat(buf, "time,");
+			(void) strlcat(buf, "time,", sizeof(buf));
 		if (flags.notombstone)
-			(void) strcat(buf, "notombstone,");
+			(void) strlcat(buf, "notombstone,", sizeof(buf));
 		if (flags.no_rest_on_space)
-			(void) strcat(buf, "!rest_on_space,");
+			(void) strlcat(buf, "!rest_on_space,", sizeof(buf));
 		if (flags.end_top != 5 || flags.end_around != 4 || flags.end_own) {
-			(void) sprintf(eos(buf), "endgame: %u topscores/%u around me",
+			pos = strlen(buf);
+			(void) snprintf(buf+pos, sizeof(buf)-pos,
+				       "endgame: %u topscores/%u around me",
 				       flags.end_top, flags.end_around);
 			if (flags.end_own)
-				(void) strcat(buf, "/own scores");
+				(void) strlcat(buf, "/own scores", sizeof(buf));
 		} else {
 			char           *eop = eos(buf);
 			if (*--eop == ',')
-- 
cgit v1.2.3-56-ge451