
* Cleanup more bounds checking via: strlcat, strlcpy, snprintf
* Remove some redundant time code


svn: 3895

Bryan Drewery 17 سال پیش
والد
کامیت
5ce42e86f1

+ 1 - 1
Makefile.in

@@ -36,7 +36,7 @@ STRIP = @STRIP@
 DIFF = @DIFF@
 
 #LIBS = @LIBS@ @ZLIB@ @SSL@ 
-LIBS = @LIBS@ @ZLIB@ 
+LIBS = @LIBS@
 
 DEBCXXFLAGS = -DDEBUG -fno-inline -g3 -ggdb3 -O0 -Wshadow -Wpointer-arith -Wcast-align @GCC3DEB@
 CFLGS = @GCC3@

+ 0 - 0
private/grep → misc/grep


+ 15 - 13
src/adns.c

@@ -132,9 +132,9 @@ interval_t async_server_timeout = 40;
 //int resend_on_read = 0;
 
 static void 
-dns_display(int idx, char *buf)
+dns_display(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "named   waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "named   waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 static void
@@ -190,9 +190,9 @@ static void eof_dcc_dnswait(int idx)
   lostdcc(idx);
 }
 
-static void display_dcc_dnswait(int idx, char *buf)
+static void display_dcc_dnswait(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "dns   waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "dns   waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 static void kill_dcc_dnswait(int idx, void *x)
@@ -297,8 +297,8 @@ static int get_dns_idx()
           dcc[dns_idx].sock = sock;
           dns_sock = sock;
           sdprintf("dns_sock: %d", dcc[dns_idx].sock);
-          strcpy(dcc[dns_idx].host, dns_ip);
-          strcpy(dcc[dns_idx].nick, "(adns)");
+          strlcpy(dcc[dns_idx].host, dns_ip, UHOSTLEN);
+          strlcpy(dcc[dns_idx].nick, "(adns)", NICKLEN);
           sdprintf("dns_ip: %s", dns_ip);
           dcc[dns_idx].timeval = now;
           dns_handler.timeout_val = 0;
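Review bot: The bounds given to `strlcpy` here are the macros `UHOSTLEN` and `NICKLEN` rather than the size of the destination, and the declarations of `dcc[].host` and `dcc[].nick` are not visible in this diff, so nothing ties the bound to the array. chanprog.h in this same commit declares nick buffers both as `[NICKLEN]` and as `[NICKLEN + 1]`, which shows how easily the two can drift apart. If the members are arrays, `strlcpy(dcc[dns_idx].host, dns_ip, sizeof(dcc[dns_idx].host));` is correct by construction. The same applies to the `NICKLEN`/`UHOSTLEN` calls in bot_thisbot and bot_rsim (botcmd.c) and in botlink and tandem_relay (botnet.c). get_dns_idx continues outside the hunk.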
@@ -508,16 +508,18 @@ int egg_dns_reverse(const char *ip, interval_t timeout, dns_callback_t callback,
 
 		socket_ipv6_to_dots(ip, temp);
 sdprintf("dots: %s", temp);
-		q->ip = (char *) my_calloc(1, strlen(temp) + 9 + 1);
+		size_t iplen = strlen(temp) + 9 + 1;
+		q->ip = (char *) my_calloc(1, iplen);
 //		reverse_ip(temp, q->ip);
-		strcat(q->ip, temp);
-		strcat(q->ip, "ip6.arpa");
+		strlcat(q->ip, temp, iplen);
+		strlcat(q->ip, "ip6.arpa", iplen);
 sdprintf("reversed ipv6 ip: %s", q->ip);
 	}
 	else {
-		q->ip = (char *) my_calloc(1, strlen(ip) + 13 + 1);
+		size_t iplen = strlen(ip) + 13 + 1;
+		q->ip = (char *) my_calloc(1, iplen);
 		reverse_ip(ip, q->ip);
-		strcat(q->ip, ".in-addr.arpa");
+		strlcat(q->ip, ".in-addr.arpa", iplen);
 	}
 
         dns_send_query(q);
@@ -895,12 +897,12 @@ static int parse_reply(char *response, size_t nbytes)
 
 		switch (reply.type) {
 		case DNS_A:
-			inet_ntop(AF_INET, ptr, result, 512);
+			egg_inet_ntop(AF_INET, ptr, result, 512);
 			answer_add(&q->answer, result);
 			break;
 		case DNS_AAAA:
 #ifdef USE_IPV6
-			inet_ntop(AF_INET6, ptr, result, 512);
+			egg_inet_ntop(AF_INET6, ptr, result, 512);
 			answer_add(&q->answer, result);
 #endif /* USE_IPV6 */
 			break;
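Review bot: The result of `egg_inet_ntop` is not checked before `answer_add(&q->answer, result)` in either case, so if the conversion fails, whatever `result` held before is recorded as an answer. Assuming the wrapper keeps inet_ntop's NULL-on-failure convention and `result` is an array declared in parse_reply (both outside this hunk), `if (egg_inet_ntop(AF_INET, ptr, result, sizeof(result))) answer_add(&q->answer, result);` covers the failure and drops the literal `512`. It is also worth confirming, outside the hunk, that at least 4 or 16 bytes remain between `ptr` and the end of the `nbytes` response before the conversion reads them.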

+ 8 - 8
src/binary.c

@@ -311,22 +311,22 @@ readcfg(const char *cfgfile)
           strlcpy(settings.dcc_prefix, trim(p), sizeof settings.dcc_prefix);
           printf(".");
         } else if (!egg_strcasecmp(buffer, STR("owner"))) {
-          strcat(settings.owners, trim(p));
-          strcat(settings.owners, ",");
+          strlcat(settings.owners, trim(p), sizeof(settings.owners));
+          strlcat(settings.owners, ",", sizeof(settings.owners));
           printf(".");
         } else if (!egg_strcasecmp(buffer, STR("owneremail"))) {
-          strcat(settings.owneremail, trim(p));
-          strcat(settings.owneremail, ",");
+          strlcat(settings.owneremail, trim(p), sizeof(settings.owneremail));
+          strlcat(settings.owneremail, ",", sizeof(settings.owneremail));
           printf(".");
         } else if (!egg_strcasecmp(buffer, STR("hub"))) {
-          strcat(settings.hubs, trim(p));
-          strcat(settings.hubs, ",");
+          strlcat(settings.hubs, trim(p), sizeof(settings.hubs));
+          strlcat(settings.hubs, ",", sizeof(settings.hubs));
           printf(".");
         } else if (!egg_strcasecmp(buffer, STR("salt1"))) {
-          strcat(settings.salt1, trim(p));
+          strlcat(settings.salt1, trim(p), sizeof(settings.salt1));
           printf(".");
         } else if (!egg_strcasecmp(buffer, STR("salt2"))) {
-          strcat(settings.salt2, trim(p));
+          strlcat(settings.salt2, trim(p), sizeof(settings.salt2));
           printf(".");
         } else {
           printf("%s %s\n", buffer, p);
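Review bot: None of these `strlcat` calls look at the return value, so an over-long `owner`, `owneremail`, `hub`, `salt1` or `salt2` line is now cut short silently and the program carries on with the shortened value. A truncated owner entry is a different handle and a truncated salt is a different salt, so truncation should be reported as a configuration error, e.g. `if (strlcat(settings.salt1, trim(p), sizeof(settings.salt1)) >= sizeof(settings.salt1)) { /* report and stop */ }`. readcfg's body continues outside the hunk.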

+ 18 - 16
src/botcmd.c

@@ -326,7 +326,7 @@ static void remote_tell_who(int idx, char *nick, int chan)
   else
     realnick = nick;
   putlog(LOG_BOTS, "*", "#%s# who", realnick);
-  strcpy(s, "Channels: ");
+  strlcpy(s, "Channels: ", sizeof(s));
   for (c = chanset; c; c = c->next)
     if (!channel_secret(c) && shouldjoin(c)) {
       l = strlen(c->dname);
@@ -334,7 +334,7 @@ static void remote_tell_who(int idx, char *nick, int chan)
 	if (i > 10) {
           simple_snprintf(s, sizeof(s), "%s, %s", s, c->dname);
 	} else {
-          strcpy(s, c->dname);
+          strlcpy(s, c->dname, sizeof(s));
 	  i += (l + 2);
         }
       }
@@ -358,7 +358,7 @@ static void remote_tell_who(int idx, char *nick, int chan)
   for (i = 0; i < dcc_total; i++) {
     if (dcc[i].type && dcc[i].type->flags & DCT_REMOTEWHO) {
       if (dcc[i].u.chat->channel == chan) {
-	k = sprintf(s, "  %c%-15s %s", (geticon(i) == '-' ? ' ' : geticon(i)),
+	k = egg_snprintf(s, sizeof(s), "  %c%-15s %s", (geticon(i) == '-' ? ' ' : geticon(i)),
 		    dcc[i].nick, dcc[i].host);
 	if (now - dcc[i].timeval > 300) {
 	  unsigned long mydays, hrs, mins;
@@ -367,11 +367,11 @@ static void remote_tell_who(int idx, char *nick, int chan)
 	  hrs = ((now - dcc[i].timeval) - (mydays * 86400)) / 3600;
 	  mins = ((now - dcc[i].timeval) - (hrs * 3600)) / 60;
 	  if (mydays > 0)
-	    sprintf(s + k, " (idle %lud%luh)", mydays, hrs);
+	    simple_snprintf(s + k, sizeof(s) - k, " (idle %lud%luh)", mydays, hrs);
 	  else if (hrs > 0)
-	    sprintf(s + k, " (idle %luh%lum)", hrs, mins);
+	    simple_snprintf(s + k, sizeof(s) - k, " (idle %luh%lum)", hrs, mins);
 	  else
-	    sprintf(s + k, " (idle %lum)", mins);
+	    simple_snprintf(s + k, sizeof(s) - k, " (idle %lum)", mins);
 	}
 	botnet_send_priv(idx, conf.bot->nick, nick, NULL, "%s", s);
 	if (dcc[i].u.chat->away != NULL)
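Review bot: `sizeof(s) - k` wraps to a very large size if `k` is ever at or beyond `sizeof(s)`, and `k` is the return value of `egg_snprintf` from the previous hunk. If that wrapper follows snprintf's convention of returning the length that would have been written, a long nick and host leave `s + k` pointing past the buffer and the bound meaningless. Recomputing the offset from the terminated string avoids this: `k = strlen(s);` before the idle suffix is appended. remote_tell_who starts and ends outside these hunks, so the declarations of `s` and `k` are not visible here.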
@@ -385,7 +385,7 @@ static void remote_tell_who(int idx, char *nick, int chan)
 	ok = 1;
 	botnet_send_priv(idx, conf.bot->nick, nick, NULL, "%s:", "Bots connected");
       }
-      sprintf(s, "  %s%c%-15s %s",
+      egg_snprintf(s, sizeof(s), "  %s%c%-15s %s",
 	      dcc[i].status & STAT_CALLED ? "<-" : "->",
 	      dcc[i].status & STAT_SHARE ? '+' : ' ',
 	      dcc[i].nick, dcc[i].u.bot->version);
@@ -400,7 +400,7 @@ static void remote_tell_who(int idx, char *nick, int chan)
 	  ok = 1;
 	  botnet_send_priv(idx, conf.bot->nick, nick, NULL, "%s:", "Other people on the bot");
 	}
-	l = sprintf(s, "  %c%-15s %s", (geticon(i) == '-' ? ' ' : geticon(i)), dcc[i].nick, dcc[i].host);
+	l = egg_snprintf(s, sizeof(s), "  %c%-15s %s", (geticon(i) == '-' ? ' ' : geticon(i)), dcc[i].nick, dcc[i].host);
 	if (now - dcc[i].timeval > 300) {
 	  k = (now - dcc[i].timeval) / 60;
 	  if (k < 60)
@@ -429,7 +429,8 @@ static void bot_shellinfo(int idx, char *par)
   set_user(&USERENTRY_USERNAME, dcc[idx].user, username);
   set_user(&USERENTRY_OS, dcc[idx].user, sysname);
   dcc[idx].u.bot->sysname[0] = 0;
-  strcpy(dcc[idx].u.bot->sysname, sysname); 
+  struct bot_info dummy;
+  strlcpy(dcc[idx].u.bot->sysname, sysname, sizeof(dummy.sysname)); 
   set_user(&USERENTRY_NODENAME, dcc[idx].user, nodename);
   set_user(&USERENTRY_ARCH, dcc[idx].user, arch);
   set_user(&USERENTRY_OSVER, dcc[idx].user, botversion);
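Review bot: The `struct bot_info dummy;` local exists only to feed `sizeof`, which is unnecessary because `sizeof` does not evaluate its operand. `strlcpy(dcc[idx].u.bot->sysname, sysname, sizeof(dcc[idx].u.bot->sysname));` gives the same size without an unused variable and stays tied to the real destination. The same pattern recurs in bot_rsim (`struct chat_info dummy`) and in botlink_dns_callback in botnet.c, where the neighbouring `strlcpy(dcc[i].u.bot->sysname, "*", 2);` hard-codes a length as well.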
@@ -639,7 +640,7 @@ static void bot_nlinked(int idx, char *par)
   } else if ((in_chain(newbot)) || (!egg_strcasecmp(newbot, conf.bot->nick))) {
     /* Loop! */
     putlog(LOG_BOTS, "*", "Loop detected %s (mutual: %s)", dcc[idx].nick, newbot);
-    simple_sprintf(s, "Detected loop: two bots exist named %s: disconnecting %s", newbot, dcc[idx].nick);
+    simple_snprintf(s, sizeof(s), "Detected loop: two bots exist named %s: disconnecting %s", newbot, dcc[idx].nick);
     dprintf(idx, "error Loop (%s)\n", newbot);
   }
   if (!s[0]) {
@@ -872,7 +873,7 @@ static void bot_thisbot(int idx, char *par)
   noshare = 1;
   change_handle(dcc[idx].user, par);
   noshare = 0;
-  strcpy(dcc[idx].nick, par);
+  strlcpy(dcc[idx].nick, par, NICKLEN);
 }
 
 /* Used to send a direct msg from Tcl on one bot to Tcl on another
@@ -1228,7 +1229,7 @@ void send_remote_simul(int idx, char *bot, char *cmd, char *par)
 {
   char msg[SGRAB - 110] = "";
 
-  egg_snprintf(msg, sizeof msg, "r-s %d %s %d %s %lu %s %s", idx, dcc[idx].nick, dcc[idx].u.chat->con_flags, 
+  simple_snprintf(msg, sizeof msg, "r-s %d %s %d %s %lu %s %s", idx, dcc[idx].nick, dcc[idx].u.chat->con_flags, 
                dcc[idx].u.chat->con_chan, dcc[idx].status, cmd, par);
   putbot(bot, msg);
 }
@@ -1277,13 +1278,14 @@ static void bot_rsim(char *botnick, char *code, char *msg)
     dcc[idx].simultime = now;
     dcc[idx].simul = ridx;
     dcc[idx].status = status;
-    strcpy(dcc[idx].simulbot, botnick);
+    strlcpy(dcc[idx].simulbot, botnick, NICKLEN);
     dcc[idx].u.chat->con_flags = rconmask;
-    strcpy(dcc[idx].u.chat->con_chan, rconchan);
+    struct chat_info dummy;
+    strlcpy(dcc[idx].u.chat->con_chan, rconchan, sizeof(dummy.con_chan));
     dcc[idx].u.chat->strip_flags = STRIP_ALL;
-    strcpy(dcc[idx].nick, nick);
+    strlcpy(dcc[idx].nick, nick, NICKLEN);
     simple_snprintf(buf, sizeof buf, "%s@%s", nick, botnick);
-    strcpy(dcc[idx].host, buf);
+    strlcpy(dcc[idx].host, buf, UHOSTLEN);
     dcc[idx].addr = 0L;
     dcc[idx].user = get_user_by_handle(userlist, nick);
   }

+ 2 - 2
src/botmsg.c

@@ -466,11 +466,11 @@ int add_note(char *to, char *from, char *msg, int idx, int echo)
       if (strlen(from) > 40)
 	from[40] = 0;
       if (strchr(from, '@')) {
-	strcpy(botf, from);
+	strlcpy(botf, from, sizeof(botf));
       } else
 	simple_snprintf(botf, sizeof(botf), "%s@%s", from, conf.bot->nick);
     } else
-      strcpy(botf, conf.bot->nick);
+      strlcpy(botf, conf.bot->nick, sizeof(botf));
     i = nextbot(p);
     if (i < 0) {
       if (idx >= 0)

+ 50 - 47
src/botnet.c

@@ -254,10 +254,10 @@ int partynick(char *bot, int sock, char *nick)
 
   for (int i = 0; i < parties; i++) {
     if (!egg_strcasecmp(party[i].bot, bot) && (party[i].sock == sock)) {
-      strcpy(work, party[i].nick);
+      strlcpy(work, party[i].nick, sizeof(work));
       strncpy(party[i].nick, nick, HANDLEN);
       party[i].nick[HANDLEN] = 0;
-      strcpy(nick, work);
+      strlcpy(nick, work, HANDLEN + 1);
       return i;
     }
   }
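Review bot: `strlcpy(nick, work, HANDLEN + 1)` writes into the caller's buffer with a size that partynick cannot verify, since `nick` is a plain `char *` parameter. Either state the contract on the function, `/* nick must point to at least HANDLEN + 1 bytes; on return it holds the previous nick */`, or pass the size in as the display callbacks now do. The adjacent `strncpy` plus manual terminator could also become `strlcpy(party[i].nick, nick, sizeof(party[i].nick));` to match the rest of the commit, provided `party[i].nick` is an array as remparty's use of `sizeof(party[i].nick)` implies.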
@@ -324,8 +324,8 @@ void remparty(char *bot, int sock)
       if (party[i].away)
 	free(party[i].away);
       if (i < parties) {
-	strcpy(party[i].bot, party[parties].bot);
-	strcpy(party[i].nick, party[parties].nick);
+	strlcpy(party[i].bot, party[parties].bot, sizeof(party[i].bot));
+	strlcpy(party[i].nick, party[parties].nick, sizeof(party[i].nick));
 	party[i].chan = party[parties].chan;
 	party[i].sock = party[parties].sock;
 	party[i].flag = party[parties].flag;
@@ -370,20 +370,21 @@ void unvia(int idx, tand_t *who)
   }
 }
 
+#ifdef NOTUSED
 void besthub(char *hub)
 {
   tand_t *ptr = tandbot;
   struct userrec *u = NULL, *besthubu = NULL;
-  char bestlval[20] = "", lval[20] = "";
+  char bestlval[HANDLEN + 4] = "", lval[HANDLEN + 4] = "";
 
   hub[0] = 0;
-  strcpy(bestlval, "z");
+  strlcpy(bestlval, "z", sizeof(bestlval));
   while (ptr) {
     u = get_user_by_handle(userlist, ptr->bot);
     if (u) {
       link_pref_val(u, lval);
       if (strcmp(lval, bestlval) < 0) {
-        strcpy(bestlval, lval);
+        strlcpy(bestlval, lval, sizeof(bestlval));
         besthubu = u;
       }
     }
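Review bot: besthub is fenced off with `#ifdef NOTUSED` yet only partly converted: `strcpy(hub, besthubu->handle);` in the next hunk and the `link_pref_val(u, lval)` call still write without a bound. If the function has no callers, deleting it is cleaner than keeping code that becomes live again as soon as the macro is defined. If it is kept, `hub` needs a size parameter like the display callbacks received in this commit.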
@@ -393,6 +394,7 @@ void besthub(char *hub)
     strcpy(hub, besthubu->handle);
   return;
 }
+#endif
 
 /* Return index into dcc list of the bot that connects us to bot <x>
  */
@@ -457,15 +459,15 @@ void answer_local_whom(int idx, int chan)
   if(botnicklen < 9) botnicklen = 9;
 
   if (conf.bot->hub) {
-    egg_snprintf(format, sizeof format, "%%-%us   %%-%us  %%s\n", nicklen, botnicklen);
+    simple_snprintf(format, sizeof format, "%%-%us   %%-%us  %%s\n", nicklen, botnicklen);
     dprintf(idx, format, " Nick", 	" Bot",      " Host");
     dprintf(idx, format, "----------",	"---------", "--------------------");
-    egg_snprintf(format, sizeof format, "%%c%%-%us %%c %%-%us  %%s%%s\n", nicklen, botnicklen);
+    simple_snprintf(format, sizeof format, "%%c%%-%us %%c %%-%us  %%s%%s\n", nicklen, botnicklen);
   } else {
-    egg_snprintf(format, sizeof format, "%%-%us\n", nicklen);
+    simple_snprintf(format, sizeof format, "%%-%us\n", nicklen);
     dprintf(idx, format, " Nick");
     dprintf(idx, format, "----------");
-    egg_snprintf(format, sizeof format, "%%c%%-%us %%c %%s\n", nicklen);
+    simple_snprintf(format, sizeof format, "%%c%%-%us %%c %%s\n", nicklen);
   }
   for (i = 0; i < dcc_total; i++) {
     if (dcc[i].type && dcc[i].simul == -1 && dcc[i].type == &DCC_CHAT) {
@@ -480,11 +482,11 @@ void answer_local_whom(int idx, int chan)
 	  hrs = ((now - dcc[i].timeval) - (mydays * 86400)) / 3600;
 	  mins = ((now - dcc[i].timeval) - (hrs * 3600)) / 60;
 	  if (mydays > 0)
-	    sprintf(idle, " [idle %lud%luh]", mydays, hrs);
+	    simple_snprintf(idle, sizeof(idle), " [idle %lud%luh]", mydays, hrs);
 	  else if (hrs > 0)
-	    sprintf(idle, " [idle %luh%lum]", hrs, mins);
+	    simple_snprintf(idle, sizeof(idle), " [idle %luh%lum]", hrs, mins);
 	  else
-	    sprintf(idle, " [idle %lum]", mins);
+	    simple_snprintf(idle, sizeof(idle), " [idle %lum]", mins);
 	} else
 	  idle[0] = 0;
 
@@ -513,7 +515,7 @@ void answer_local_whom(int idx, int chan)
       if (c == '-')
 	c = ' ';
       if (party[i].timer == 0L)
-	strcpy(idle, " [idle?]");
+	strlcpy(idle, " [idle?]", sizeof(idle));
       else if (now - party[i].timer > 300) {
 	unsigned long mydays, hrs, mins;
 
@@ -521,11 +523,11 @@ void answer_local_whom(int idx, int chan)
 	hrs = ((now - party[i].timer) - (mydays * 86400)) / 3600;
 	mins = ((now - party[i].timer) - (hrs * 3600)) / 60;
 	if (mydays > 0)
-	  sprintf(idle, " [idle %lud%luh]", mydays, hrs);
+	  simple_snprintf(idle, sizeof(idle), " [idle %lud%luh]", mydays, hrs);
 	else if (hrs > 0)
-	  sprintf(idle, " [idle %luh%lum]", hrs, mins);
+	  simple_snprintf(idle, sizeof(idle), " [idle %luh%lum]", hrs, mins);
 	else
-	  sprintf(idle, " [idle %lum]", mins);
+	  simple_snprintf(idle, sizeof(idle), " [idle %lum]", mins);
       } else
 	idle[0] = 0;
       total++;
@@ -556,8 +558,8 @@ tell_bots(int idx, int up, const char *nodename)
     if (nodename)
       node = (char *) get_user(&USERENTRY_NODENAME, conf.bot->u);    
     if (!nodename || wild_match(nodename, node)) {
-      strcat(work, conf.bot->nick);
-      strcat(work, " ");
+      strlcat(work, conf.bot->nick, sizeof(work));
+      strlcat(work, " ", sizeof(work));
       cnt++;
       tot++;
       if (nodename)
@@ -578,8 +580,8 @@ tell_bots(int idx, int up, const char *nodename)
             node = (char *) get_user(&USERENTRY_NODENAME, u);
           if (!nodename || wild_match(nodename, node)) {
             if (nodename && !found)
-              strcat(work, "*");
-            strcat(work, u->handle);
+              strlcat(work, "*", sizeof(work));
+            strlcat(work, u->handle, sizeof(work));
             cnt++;
             if (nodename)
               mtot++;
@@ -590,7 +592,7 @@ tell_bots(int idx, int up, const char *nodename)
               work[0] = 0;
               cnt = 0;
             } else {
-              strcat(work, " ");
+              strlcat(work, " ", sizeof(work));
             }
           }
         }
@@ -626,7 +628,7 @@ void tell_bottree(int idx)
 	s[i++] = ',';
 	s[i++] = ' ';
       }
-      strcpy(s + i, bot->bot);
+      strlcpy(s + i, bot->bot, sizeof(s) - i);
       i += strlen(bot->bot);
     }
 
@@ -660,15 +662,15 @@ void tell_bottree(int idx)
       imark = 0;
       for (i = 0; i < lev; i++) {
 	if (mark[i])
-	  strcpy(work + imark, "  |  ");
+	  strlcpy(work + imark, "  |  ", sizeof(work) - imark);
 	else
-	  strcpy(work + imark, "     ");
+	  strlcpy(work + imark, "     ", sizeof(work) - imark);
 	imark += 5;
       }
       if (cnt > 1)
-	strcpy(work + imark, "  |-");
+	strlcpy(work + imark, "  |-", sizeof(work) - imark);
       else
-	strcpy(work + imark, "  `-");
+	strlcpy(work + imark, "  `-", sizeof(work) - imark);
       s[0] = 0;
       bot = tandbot;
       while (!s[0]) {
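Review bot: `sizeof(work) - imark` wraps to a very large size once `imark` reaches `sizeof(work)`, and `imark` grows by 5 per tree level with no check in this loop, so on a deep enough tree the new bound stops protecting `work`. The `strlcpy(s + i, bot->bot, sizeof(s) - i)` in the previous hunk has the same weakness, because `i += strlen(bot->bot)` advances by the untruncated length and the `s[i++] = ','` writes before it are unchecked. Test the offset before each write, e.g. `if ((size_t) imark + 5 >= sizeof(work)) break;`, and stop appending to `s` once the remaining space is used up. The sizes of `work` and `s` are declared outside these hunks, and the second indentation loop (`for (i = 1; i < lev; i++)`) needs the same check.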
@@ -686,7 +688,7 @@ void tell_bottree(int idx)
             i = simple_snprintf(s, sizeof(s), "%c", bot->share);
           else
             i = simple_snprintf(s, sizeof(s), "-");
-          i = sprintf(s + 1, "%s%s%s (%s %d)", color_str ? color_str : "",
+          i = simple_snprintf(s + 1, sizeof(s) - 1, "%s%s%s (%s %d)", color_str ? color_str : "",
                                                 bot->bot,
                                                 color_str ? COLOR_END(idx) : "",
                                                 bot->version, bot->revision);
@@ -732,7 +734,7 @@ void tell_bottree(int idx)
                   i = simple_snprintf(s, sizeof(s), "%c", bot->share);
                 else
                   i = simple_snprintf(s, sizeof(s), "-");
-                i = sprintf(s + 1, "%s%s%s (%s %d)", color_str ? color_str : "",
+                i = simple_snprintf(s + 1, sizeof(s) - 1, "%s%s%s (%s %d)", color_str ? color_str : "",
                                                       bot->bot,
                                                       color_str ? COLOR_END(idx) : "",
                                                       bot->version, bot->revision);
@@ -744,9 +746,9 @@ void tell_bottree(int idx)
 	  imark = 0;
 	  for (i = 1; i < lev; i++) {
 	    if (mark[i - 1])
-	      strcpy(work + imark, "  |  ");
+	      strlcpy(work + imark, "  |  ", sizeof(work) - imark);
 	    else
-	      strcpy(work + imark, "     ");
+	      strlcpy(work + imark, "     ", sizeof(work) - imark);
 	    imark += 5;
 	  }
 	  more = 1;
@@ -1020,8 +1022,8 @@ int botlink(char *linker, int idx, char *nick)
       dcc[i].timeval = now;
       dcc[i].port = bi->telnet_port;
       dcc[i].user = u;
-      strcpy(dcc[i].nick, nick);
-      strcpy(dcc[i].host, bi->address);
+      strlcpy(dcc[i].nick, nick, NICKLEN);
+      strlcpy(dcc[i].host, bi->address, UHOSTLEN);
       dcc[i].u.dns->cptr = strdup(linker);
       dcc[i].u.dns->ibuf = idx;
       dcc[i].bot = 1;
@@ -1068,9 +1070,10 @@ static void botlink_dns_callback(int id, void *client_data, const char *host, ch
 
   changeover_dcc(i, &DCC_FORK_BOT, sizeof(struct bot_info));
   dcc[i].timeval = now;
-  strcpy(dcc[i].u.bot->version, "(primitive bot)");
-  strcpy(dcc[i].u.bot->sysname, "*");
-  strcpy(dcc[i].u.bot->linker, linker);
+  struct bot_info dummy;
+  strlcpy(dcc[i].u.bot->version, "(primitive bot)", sizeof(dummy.version));
+  strlcpy(dcc[i].u.bot->sysname, "*", 2);
+  strlcpy(dcc[i].u.bot->linker, linker, sizeof(dummy.linker));
   dcc[i].u.bot->numver = idx;
   free(linker);
 
@@ -1173,9 +1176,9 @@ void tandem_relay(int idx, char *nick, register int i)
 
   dcc[i].port = bi->relay_port;
   dcc[i].addr = 0L;
-  strcpy(dcc[i].nick, nick);
+  strlcpy(dcc[i].nick, nick, NICKLEN);
   dcc[i].user = u;
-  strcpy(dcc[i].host, bi->address);
+  strlcpy(dcc[i].host, bi->address, UHOSTLEN);
   if (conf.bot->hub) 
     dprintf(idx, "%s %s @ %s:%d ...\n", "Connecting to", nick, bi->address, bi->relay_port);
   dprintf(idx, "(Type *BYE* on a line by itself to abort.)\n");
@@ -1527,24 +1530,24 @@ static void dcc_relaying(int idx, char *buf, int j)
   lostdcc(j);
 }
 
-static void display_relay(int i, char *other)
+static void display_relay(int i, char *other, size_t bufsiz)
 {
-  simple_sprintf(other, "rela  -> sock %d", dcc[i].u.relay->sock);
+  simple_snprintf(other, bufsiz, "rela  -> sock %d", dcc[i].u.relay->sock);
 }
 
-static void display_relaying(int i, char *other)
+static void display_relaying(int i, char *other, size_t bufsiz)
 {
-  simple_sprintf(other, ">rly  -> sock %d", dcc[i].u.relay->sock);
+  simple_snprintf(other, bufsiz, ">rly  -> sock %d", dcc[i].u.relay->sock);
 }
 
-static void display_tandem_relay(int i, char *other)
+static void display_tandem_relay(int i, char *other, size_t bufsiz)
 {
-  strcpy(other, "other  rela");
+  strlcpy(other, "other  rela", bufsiz);
 }
 
-static void display_pre_relay(int i, char *other)
+static void display_pre_relay(int i, char *other, size_t bufsiz)
 {
-  strcpy(other, "other  >rly");
+  strlcpy(other, "other  >rly", bufsiz);
 }
 
 static void kill_relay(int idx, void *x)

+ 21 - 43
src/chanprog.c

@@ -242,28 +242,6 @@ void checkchans(int which)
 
 }
 
-/* Dump uptime info out to dcc (guppy 9Jan99)
- */
-static void tell_time(time_t time, char *s)
-{
-  time_t now2, hr, min;
-
-  s[0] = 0;
-  now2 = now - time;
-  if (now2 > 86400) {
-    /* days */
-    simple_sprintf(s, "%d day", (int) (now2 / 86400));
-    if ((int) (now2 / 86400) >= 2)
-      strcat(s, "s");
-    strcat(s, ", ");
-    now2 -= (((int) (now2 / 86400)) * 86400);
-  }
-  hr = (time_t) ((int) now2 / 3600);
-  now2 -= (hr * 3600);
-  min = (time_t) ((int) now2 / 60);
-  sprintf(&s[strlen(s)], "%02d:%02d", (int) hr, (int) min);
-}
-
 void tell_verbose_uptime(int idx)
 {
   char s[256] = "", s1[121] = "", s2[81] = "", outbuf[501] = "";
@@ -276,18 +254,19 @@ void tell_verbose_uptime(int idx)
 # endif
 #endif /* HAVE_GETRUSAGE */
 
-  tell_time(online_since, s);
+  daysdur(now, online_since, s, sizeof(s));
+
   if (backgrd)
-    strcpy(s1, "background");
+    strlcpy(s1, "background", sizeof(s1));
   else {
     if (term_z)
-      strcpy(s1, "terminal mode");
+      strlcpy(s1, "terminal mode", sizeof(s1));
     else
-      strcpy(s1, "log dump mode");
+      strlcpy(s1, "log dump mode", sizeof(s1));
   }
   simple_snprintf(outbuf, sizeof(outbuf), "Online for %s", s);
   if (restart_time) {
-    tell_time(restart_time, s);
+    daysdur(now, restart_time, s, sizeof(s));
     simple_snprintf(outbuf, sizeof(outbuf), "%s (%s %s)", outbuf, restart_was_update ? "updated" : "restarted", s);
   }
 
@@ -296,15 +275,13 @@ void tell_verbose_uptime(int idx)
   total = ru.ru_utime.tv_sec + ru.ru_stime.tv_sec;
   hr = (int) (total / 60);
   min = (int) (total - (hr * 60));
-  sprintf(s2, "CPU %02d:%02d (load avg %3.1f%%)", (int) hr, (int) min, 
-  100.0 * ((float) total / (float) (now - online_since)));
+  snprintf(s2, sizeof(s2), "CPU %02d:%02d (load avg %3.1f%%)", (int) hr, (int) min, 100.0 * ((float) total / (float) (now - online_since)));
 #else
 # if HAVE_CLOCK
   cl = (clock() / CLOCKS_PER_SEC);
   hr = (int) (cl / 60);
   min = (int) (cl - (hr * 60));
-  sprintf(s2, "CPU %02d:%02d (load avg %3.1f%%)", (int) hr, (int) min,
-  100.0 * ((float) cl / (float) (now - online_since)));
+  snprintf(s2, sizeof(s2), "CPU %02d:%02d (load avg %3.1f%%)", (int) hr, (int) min,  100.0 * ((float) cl / (float) (now - online_since)));
 # else
   simple_snprintf(s2, sizeof(s2), "CPU ???");
 # endif
@@ -390,7 +367,7 @@ void reaffirm_owners()
       q = p + 1;
       p = strchr(q, ',');
     }
-    strcpy(s, q);
+    strlcpy(s, q, sizeof(s));
     rmspace(s);
     u = get_user_by_handle(userlist, s);
     if (u)
@@ -801,21 +778,22 @@ int do_chanset(char *result, struct chanset_t *chan, const char *options, int lo
   int ret = OK;
 
   if (local & DO_NET) {
-    char *buf = NULL;
+    size_t bufsiz = 0;
          /* malloc(options,chan,'cset ',' ',+ 1) */
     if (chan)
-      buf = (char *) my_calloc(1, strlen(options) + strlen(chan->dname) + 5 + 1 + 1);
+      bufsiz = strlen(options) + strlen(chan->dname) + 5 + 1 + 1;
     else
-      buf = (char *) my_calloc(1, strlen(options) + 1 + 5 + 1 + 1);
+      bufsiz = strlen(options) + 1 + 5 + 1 + 1;
+    
+    char *buf = (char*) my_calloc(1, bufsiz);
 
-    strcat(buf, "cset ");
+    strlcat(buf, "cset ", bufsiz);
     if (chan)
-      strcat(buf, chan->dname);
+      strlcat(buf, chan->dname, bufsiz);
     else
-      strcat(buf, "*");
-    strcat(buf, " ");
-    strcat(buf, options);
-    buf[strlen(buf)] = 0;
+      strlcat(buf, "*", bufsiz);
+    strlcat(buf, " ", bufsiz);
+    strlcat(buf, options, bufsiz);
     putlog(LOG_DEBUG, "*", "sending out cset: %s", buf);
     putallbots(buf); 
     free(buf);
@@ -865,8 +843,8 @@ samechans(const char *nick, const char *delim)
   ret[0] = 0;		/* may be filled from last time */
   for (chan = chanset; chan; chan = chan->next) {
     if (ismember(chan, nick)) {
-      strcat(ret, chan->dname);
-      strcat(ret, delim);
+      strlcat(ret, chan->dname, sizeof(ret));
+      strlcat(ret, delim, sizeof(ret));
     }
   }
   ret[strlen(ret) - 1] = 0;
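Review bot: The context line `ret[strlen(ret) - 1] = 0;` still writes outside the buffer when no channel matched, because `ret` is then empty and `strlen(ret) - 1` wraps; the new `strlcat` bounds do not cover it. Guard the trim: `size_t len = strlen(ret); if (len) ret[len - 1] = 0;`. cmd_nohelp in cmds.c has the same `buf[strlen(buf) - 1] = 0;` on a buffer that starts as a single zero byte from `my_calloc(1, 1)`. Separately, `sizeof(ret)` is the buffer size only if `ret` is an array; its declaration is outside the hunk.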

+ 1 - 1
src/chanprog.h

@@ -31,7 +31,7 @@ bool is_hub(const char*);
 void load_internal_users();
 
 extern struct chanset_t		*chanset;
-extern char			admin[], origbotnick[NICKLEN + 1], origbotname[NICKLEN + 1], jupenick[NICKLEN], botname[];
+extern char			admin[], origbotnick[NICKLEN + 1], origbotname[NICKLEN + 1], jupenick[NICKLEN], botname[NICKLEN + 1];
 extern port_t			my_port;
 extern bool			reset_chans;
 

+ 84 - 80
src/cmds.c

@@ -105,20 +105,19 @@ static void tell_who(int idx, int chan)
     if (dcc[i].type && dcc[i].type == &DCC_CHAT)
       if (dcc[i].u.chat->channel == chan) {
 	if (atr & USER_OWNER) {
-	  egg_snprintf(format, sizeof format, "  [%%.2li]  %%c%%-%us %%s", nicklen);
-	  sprintf(s, format,
+	  simple_snprintf(format, sizeof format, "  [%%.2li]  %%c%%-%us %%s", nicklen);
+	  egg_snprintf(s, sizeof(s), format,
 		  dcc[i].sock, (geticon(i) == '-' ? ' ' : geticon(i)),
 		  dcc[i].nick, dcc[i].host);
 	} else {
-	  egg_snprintf(format, sizeof format, "  %%c%%-%us %%s", nicklen);
-	  sprintf(s, format,
+	  simple_snprintf(format, sizeof format, "  %%c%%-%us %%s", nicklen);
+	  egg_snprintf(s, sizeof(s), format,
 		  (geticon(i) == '-' ? ' ' : geticon(i)),
 		  dcc[i].nick, dcc[i].host);
 	}
 	if (atr & USER_MASTER) {
 	  if (dcc[i].u.chat->con_flags)
-	    sprintf(&s[strlen(s)], " (con:%s)",
-		    masktype(dcc[i].u.chat->con_flags));
+	    simple_sprintf(&s[strlen(s)], " (con:%s)", masktype(dcc[i].u.chat->con_flags));
 	}
 	if (now - dcc[i].timeval > 300) {
 	  unsigned long mydays, hrs, mins;
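Review bot: The appends `simple_sprintf(&s[strlen(s)], " (con:%s)", ...)` are still unbounded after this change. Only the first write into `s` gained a size, so a long host followed by the console and idle suffixes can still run past the end of `s`. Since `s` is terminated after the bounded write, the remaining space is easy to compute: `size_t len = strlen(s); simple_snprintf(s + len, sizeof(s) - len, " (con:%s)", masktype(dcc[i].u.chat->con_flags));`. The idle suffixes in the next hunk and the appends in the `-169` hunk need the same treatment, including the untouched `sprintf(&s[strlen(s)], "(%5d) ", ...)`. tell_who starts and ends outside these hunks.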
@@ -127,11 +126,11 @@ static void tell_who(int idx, int chan)
 	  hrs = ((now - dcc[i].timeval) - (mydays * 86400)) / 3600;
 	  mins = ((now - dcc[i].timeval) - (hrs * 3600)) / 60;
 	  if (mydays > 0)
-	    sprintf(&s[strlen(s)], " (idle %lud%luh)", mydays, hrs);
+	    simple_sprintf(&s[strlen(s)], " (idle %lud%luh)", mydays, hrs);
 	  else if (hrs > 0)
-	    sprintf(&s[strlen(s)], " (idle %luh%lum)", hrs, mins);
+	    simple_sprintf(&s[strlen(s)], " (idle %luh%lum)", hrs, mins);
 	  else
-	    sprintf(&s[strlen(s)], " (idle %lum)", mins);
+	    simple_sprintf(&s[strlen(s)], " (idle %lum)", mins);
 	}
 	dprintf(idx, "%s\n", s);
 	if (dcc[i].u.chat->away != NULL)
@@ -146,14 +145,14 @@ static void tell_who(int idx, int chan)
       egg_strftime(s, 20, "%d %b %H:%M %Z", gmtime(&dcc[i].timeval));
       s[20] = 0;
       if (atr & USER_OWNER) {
-        egg_snprintf(format, sizeof format, "  [%%.2lu]  %%s%%c%%-%us (%%s) %%s\n", 
+        simple_snprintf(format, sizeof format, "  [%%.2lu]  %%s%%c%%-%us (%%s) %%s\n", 
 			    nicklen);
 	dprintf(idx, format,
 		dcc[i].sock, dcc[i].status & STAT_CALLED ? "<-" : "->",
 		dcc[i].status & STAT_SHARE ? '+' : ' ',
 		dcc[i].nick, s, dcc[i].u.bot->version);
       } else {
-        egg_snprintf(format, sizeof format, "  %%s%%c%%-%us (%%s) %%s\n", nicklen);
+        simple_snprintf(format, sizeof format, "  %%s%%c%%-%us (%%s) %%s\n", nicklen);
 	dprintf(idx, format,
 		dcc[i].status & STAT_CALLED ? "<-" : "->",
 		dcc[i].status & STAT_SHARE ? '+' : ' ',
@@ -169,34 +168,33 @@ static void tell_who(int idx, int chan)
 	dprintf(idx, "Other people on the bot:\n");
       }
       if (atr & USER_OWNER) {
-	egg_snprintf(format, sizeof format, "  [%%.2lu]  %%c%%-%us ", nicklen);
-	sprintf(s, format, dcc[i].sock,
+	simple_snprintf(format, sizeof format, "  [%%.2lu]  %%c%%-%us ", nicklen);
+	egg_snprintf(s, sizeof(s), format, dcc[i].sock,
 		(geticon(i) == '-' ? ' ' : geticon(i)), dcc[i].nick);
       } else {
-	egg_snprintf(format, sizeof format, "  %%c%%-%us ", nicklen);
-	sprintf(s, format,
+	simple_snprintf(format, sizeof format, "  %%c%%-%us ", nicklen);
+	egg_snprintf(s, sizeof(s), format,
 		(geticon(i) == '-' ? ' ' : geticon(i)), dcc[i].nick);
       }
       if (atr & USER_MASTER) {
 	if (dcc[i].u.chat->channel < 0)
-	  strcat(s, "(-OFF-) ");
+	  strlcat(s, "(-OFF-) ", sizeof(s));
 	else if (!dcc[i].u.chat->channel)
-	  strcat(s, "(party) ");
+	  strlcat(s, "(party) ", sizeof(s));
 	else
 	  sprintf(&s[strlen(s)], "(%5d) ", dcc[i].u.chat->channel);
       }
-      strcat(s, dcc[i].host);
+      strlcat(s, dcc[i].host, sizeof(s));
       if (atr & USER_MASTER) {
 	if (dcc[i].u.chat->con_flags)
-	  sprintf(&s[strlen(s)], " (con:%s)",
-		  masktype(dcc[i].u.chat->con_flags));
+	  simple_sprintf(&s[strlen(s)], " (con:%s)", masktype(dcc[i].u.chat->con_flags));
       }
       if (now - dcc[i].timeval > 300) {
 	k = (now - dcc[i].timeval) / 60;
 	if (k < 60)
-	  sprintf(&s[strlen(s)], " (idle %dm)", k);
+	  simple_sprintf(&s[strlen(s)], " (idle %dm)", k);
 	else
-	  sprintf(&s[strlen(s)], " (idle %dh%dm)", k / 60, k % 60);
+	  simple_sprintf(&s[strlen(s)], " (idle %dh%dm)", k / 60, k % 60);
       }
       dprintf(idx, "%s\n", s);
       if (dcc[i].u.chat->away != NULL)
@@ -370,7 +368,7 @@ static void cmd_motd(int idx, char *par)
     size = strlen(par) + 1 + strlen(dcc[idx].nick) + 10 + 1 + 1;
     s = (char *) my_calloc(1, size); /* +2: ' 'x2 */
 
-    egg_snprintf(s, size, "%s %li %s", dcc[idx].nick, (long)now, par);
+    simple_snprintf(s, size, "%s %li %s", dcc[idx].nick, (long)now, par);
     var_set_by_name(NULL, "motd", s);
     free(s);
     dprintf(idx, "Motd set\n");
@@ -445,18 +443,18 @@ static void cmd_addline(int idx, char *par)
   }
 
   struct list_type *q = (struct list_type *) get_user(&USERENTRY_HOSTS, u);
-  char *hostbuf = NULL, *outbuf = NULL;
-  size_t siz = 0;
+  char *hostbuf = (char *) my_calloc(1, 1);
+  size_t siz = 1;
   
-  hostbuf = (char *) my_calloc(1, 1);
   for (; q; q = q->next) {
-    hostbuf = (char *) my_realloc(hostbuf, strlen(hostbuf) + strlen(q->extra) + 2);
-    strcat(hostbuf, q->extra);
-    strcat(hostbuf, " ");
+    siz = strlen(hostbuf) + strlen(q->extra) + 2;
+    hostbuf = (char *) my_realloc(hostbuf, siz);
+    strlcat(hostbuf, q->extra, siz);
+    strlcat(hostbuf, " ", siz);
   }
   siz = strlen(hostbuf) + strlen(u->handle) + 19 + 1;
 
-  outbuf = (char *) my_calloc(1, siz);
+  char *outbuf = (char *) my_calloc(1, siz);
   simple_snprintf(outbuf, siz, "Addline: +user %s %s", u->handle, hostbuf);
   dumplots(idx, "", outbuf);
   free(hostbuf);
@@ -576,14 +574,16 @@ static int my_cmp(const mycmds *c1, const mycmds *c2)
 static void cmd_nohelp(int idx, char *par)
 {
   char *buf = (char *) my_calloc(1, 1);
+  size_t siz = 1;
   bind_entry_t *entry = NULL;
   bind_table_t *table = bind_table_lookup("dcc");
 
   for (entry = table->entries; entry; entry = entry->next) {
     if (findhelp(entry->mask) == NULL) {
-      buf = (char *) my_realloc(buf, strlen(buf) + 2 + strlen(entry->mask) + 1);
-      strcat(buf, entry->mask);
-      strcat(buf, ", ");
+      siz = strlen(buf) + 2 + strlen(entry->mask) + 1;
+      buf = (char *) my_realloc(buf, siz);
+      strlcat(buf, entry->mask, siz);
+      strlcat(buf, ", ", siz);
     }
   }
   buf[strlen(buf) - 1] = 0;
@@ -688,6 +688,7 @@ static void cmd_help(int idx, char *par)
             /* we dumped the buf to dprintf, now start a new one... */
             simple_snprintf(buf, sizeof(buf), "  ");
           }
+          //This overlaps, behavior undefined with snprintf.
           sprintf(buf, "%s%-14.14s", buf[0] ? buf : "", cmdlist[n].name);
           first = 0;
           end = 0;
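Review bot: The `sprintf(buf, "%s%-14.14s", buf[0] ? buf : "", ...)` call under the new comment is still unbounded, and passing buf as both destination and source is undefined for sprintf as well as snprintf. Appending at the current end avoids both problems: `size_t used = strlen(buf);` followed by `egg_snprintf(buf + used, sizeof(buf) - used, "%-14.14s", cmdlist[n].name);`. The same self-referencing pattern is visible in print_users (`simple_snprintf(work, worksiz, "%s, ", work...)`), rcmd_ver, rcmd_curnick and colorbuf. Whether simple_snprintf tolerates an overlapping source is not shown on this page. The enclosing loop in cmd_help starts and ends outside the hunk.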
@@ -821,7 +822,7 @@ static void cmd_uptime(int idx, char *par)
   tell_verbose_uptime(idx);
 }
 
-static void print_users(char *work, int idx, int *cnt, int *tt, int bot, int flags, int notflags, const char *str)
+static void print_users(char *work, int idx, int *cnt, int *tt, int bot, int flags, int notflags, const char *str, size_t worksiz)
 {
   struct userrec *u = NULL;
 
@@ -832,11 +833,11 @@ static void print_users(char *work, int idx, int *cnt, int *tt, int bot, int fla
          ((!notflags) || !(u->flags & notflags)) &&
           (!bot || (bot == 2 && bot_hublevel(u) < 999) || (bot == 1 && bot_hublevel(u) == 999))) {
       if (!*cnt)
-        sprintf(work, "%-11s: ", str); 
+        egg_snprintf(work, worksiz, "%-11s: ", str);
       else
-        simple_sprintf(work, "%s, ", work[0] ? work : "");
+        simple_snprintf(work, worksiz, "%s, ", work[0] ? work : "");
 
-      strcat(work, u->handle);
+      strlcat(work, u->handle, worksiz);
       (*cnt)++;
       (*tt)++;
       if (*cnt == 11) {
@@ -853,7 +854,7 @@ static void print_users(char *work, int idx, int *cnt, int *tt, int bot, int fla
   *cnt = 0;
 }
 
-#define PRINT_USERS(bot, flags, notflags, str)	print_users(work, idx, &cnt, &tt, bot, flags, notflags, str)
+#define PRINT_USERS(bot, flags, notflags, str)	print_users(work, idx, &cnt, &tt, bot, flags, notflags, str, sizeof(work))
 
 static void cmd_userlist(int idx, char *par)
 {
@@ -1000,7 +1001,7 @@ static void cmd_console(int idx, char *par)
   struct chanset_t *chan = NULL;
 
   get_user_flagrec(dcc[idx].user, &fr, dcc[idx].u.chat->con_chan);
-  strcpy(s1, par);
+  strlcpy(s1, par, sizeof(s1));
   nick = newsplit(&par);
   /* Don't remove '+' as someone couldn't have '+' in CHANMETA cause
    * he doesn't use IRCnet ++rtc.
@@ -1956,8 +1957,8 @@ static void cmd_timers(int idx, char *par)
 
       timer_info(ids[i], &name, &howlong, &trigger_time, &called);
       timer_diff(&mynow, &trigger_time, &diff);
-      egg_snprintf(interval, sizeof interval, "(%li.%li secs)", howlong.sec, howlong.usec);
-      egg_snprintf(next, sizeof next, "%li.%li secs", diff.sec, diff.usec);
+      simple_snprintf(interval, sizeof interval, "(%li.%li secs)", howlong.sec, howlong.usec);
+      simple_snprintf(next, sizeof next, "%li.%li secs", diff.sec, diff.usec);
       dprintf(idx, "%-2d: %-25s %-15s Next: %-25s Called: %d\n", i, name, interval, next, called);
     }
     free(ids);
@@ -2073,21 +2074,20 @@ static void cmd_relay(int idx, char *par)
 static void cmd_save(int idx, char *par)
 {
   char buf[100] = "";
-  int i = 0;
 
   putlog(LOG_CMDS, "*", "#%s# save", dcc[idx].nick);
   simple_snprintf(buf, sizeof(buf), "Saving user file...");
-  i = write_userfile(-1);
+  int i = write_userfile(-1);
   if (i == 0)
-    strcat(buf, "success.");
+    strlcat(buf, "success.", sizeof(buf));
   else if (i == 1)
-    strcat(buf, "failed: No userlist.");
+    strlcat(buf, "failed: No userlist.", sizeof(buf));
   else if (i == 2)
-    strcat(buf, "failed: Cannot open userfile for writing.");
+    strlcat(buf, "failed: Cannot open userfile for writing.", sizeof(buf));
   else if (i == 3)
-    strcat(buf, "failed: Problem writing users/chans (see debug).");
+    strlcat(buf, "failed: Problem writing users/chans (see debug).", sizeof(buf));
   else		/* This can't happen. */
-    strcat(buf, "failed: Unforseen error");
+    strlcat(buf, "failed: Unforseen error", sizeof(buf));
 
   dprintf(idx, "%s\n", buf);
 }
@@ -2127,7 +2127,7 @@ static void cmd_trace(int idx, char *par)
 
   timer_get_now(&tv);
 
-  egg_snprintf(y, sizeof(y), ":%li", (long) ((tv.sec % 10000) * 100 + (tv.usec * 100) / (1000000)));
+  simple_snprintf(y, sizeof(y), ":%li", (long) ((tv.sec % 10000) * 100 + (tv.usec * 100) / (1000000)));
   botnet_send_trace(i, x, par, y);
 }
 
@@ -2253,6 +2253,7 @@ int check_dcc_chanattrs(struct userrec *u, char *chname, flag_t chflags, flag_t
 
   int found = 0, atr = u ? u->flags : 0;
   struct chanset_t *chan = NULL;
+  struct chat_info dummy;
 
   for (int i = 0; i < dcc_total; i++) {
     if (dcc[i].type && dcc[i].simul == -1 && (dcc[i].type->flags & DCT_MASTER) && !egg_strcasecmp(u->handle, dcc[i].nick)) {
@@ -2296,9 +2297,9 @@ int check_dcc_chanattrs(struct userrec *u, char *chname, flag_t chflags, flag_t
 	if (!chan)
 	  chan = chanset;
 	if (chan)
-	  strcpy(dcc[i].u.chat->con_chan, chan->dname);
+	  strlcpy(dcc[i].u.chat->con_chan, chan->dname, sizeof(dummy.con_chan));
 	else
-	  strcpy(dcc[i].u.chat->con_chan, "*");
+	  strlcpy(dcc[i].u.chat->con_chan, "*", 2);
       }
     }
   }
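Review bot: The `struct chat_info dummy` local exists only to feed `sizeof(dummy.con_chan)`, and the second copy uses a hard-coded `2` that is tied to the source literal rather than to the destination. Since sizeof does not evaluate its operand, both calls can use the real member: `strlcpy(dcc[i].u.chat->con_chan, chan->dname, sizeof(dcc[i].u.chat->con_chan));` and likewise for `"*"`. The dummy idiom recurs in dcc_telnet_pass and dcc_chatter, and source-sized bounds recur in `strlcpy(tmpchg, "|", 2)`, `strlcpy(scmd, "w", 2)`, `strlcpy(out, "+", 2)` and the exact-fit `char tmp[7]` in cmd_netw. A bound taken from the source stops protecting the destination as soon as the literal is edited.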
@@ -2370,9 +2371,10 @@ static void cmd_chattr(int idx, char *par)
 	return;
       }
     } else if (arg && !strpbrk(chg, "&|")) {
-      tmpchg = (char *) my_calloc(1, strlen(chg) + 2);
-      strcpy(tmpchg, "|");
-      strcat(tmpchg, chg);
+      size_t tmpsiz = strlen(chg) + 2;
+      tmpchg = (char *) my_calloc(1, tmpsiz);
+      strlcpy(tmpchg, "|", 2);
+      strlcat(tmpchg, chg, tmpsiz);
       chg = tmpchg;
     }
   }
@@ -2900,7 +2902,7 @@ static char *stripmaskname(int x)
   if (x & STRIP_BELLS)
     i += my_strcpy(s + i, "bells, ");
   if (!i)
-    strcpy(s, "none");
+    strlcpy(s, "none", sizeof(s));
   else
     s[i - 2] = 0;
   return s;
@@ -3037,7 +3039,7 @@ static void cmd_su(int idx, char *par)
         dcc[idx].u.chat->su_channel = dcc[idx].u.chat->channel;
 
 	dcc[idx].user = u;
-	strcpy(dcc[idx].nick, par);
+	strlcpy(dcc[idx].nick, par, NICKLEN);
 	/* Display password prompt and turn off echo (send IAC WILL ECHO). */
 	dprintf(idx, "Enter password for %s%s\n", par,
 		(dcc[idx].status & STAT_TELNET) ? TLN_IAC_C TLN_WILL_C
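Review bot: `strlcpy(dcc[idx].nick, par, NICKLEN)` bounds the copy by a constant rather than by the destination, so it is only correct if nick is declared with at least NICKLEN bytes, which this page does not show. Other lines in this commit already use `sizeof(dcc[i].host6)` and `sizeof(cp->pass)`. Assuming nick is an array member, `strlcpy(dcc[idx].nick, par, sizeof(dcc[idx].nick));` keeps the bound and the declaration in step, and the same applies to the other NICKLEN and UHOSTLEN copies in cmd_su, cmd_quit, dcc.c and dccutil.c. Because par is now truncated silently, it is also worth rejecting the request when the return value is `>=` the size, so that nick cannot differ from the handle looked up for `u`. cmd_su continues outside the hunk.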
@@ -3054,7 +3056,7 @@ static void cmd_su(int idx, char *par)
         dcc[idx].u.chat->su_nick = strdup(dcc[idx].nick);
         dcc[idx].u.chat->su_channel = dcc[idx].u.chat->channel;
 	dcc[idx].user = u;
-	strcpy(dcc[idx].nick, par);
+	strlcpy(dcc[idx].nick, par, NICKLEN);
 	dcc_chatter(idx);
       }
     }
@@ -3140,7 +3142,7 @@ static void cmd_newleaf(int idx, char *par)
 
     bi->uplink = (char *) my_calloc(1, strlen(conf.bot->nick) + 1); 
 /*      strcpy(bi->uplink, conf.bot->nick); */
-    strcpy(bi->uplink, "");
+    bi->uplink[0] = 0;
 
     bi->address = (char *) my_calloc(1, 1);
     bi->telnet_port = 3333;
@@ -3148,7 +3150,7 @@ static void cmd_newleaf(int idx, char *par)
     bi->hublevel = 999;
     set_user(&USERENTRY_BOTADDR, u1, bi);
     /* set_user(&USERENTRY_PASS, u1, settings.salt2); */
-    egg_snprintf(tmp, sizeof(tmp), "%li %s", (long) now, dcc[idx].nick);
+    simple_snprintf(tmp, sizeof(tmp), "%li %s", (long) now, dcc[idx].nick);
     set_user(&USERENTRY_ADDED, u1, tmp);
     dprintf(idx, "Added new leaf: %s\n", handle);
     while (par[0]) {
@@ -3182,6 +3184,7 @@ static void cmd_nopass(int idx, char *par)
   int cnt = 0;
   struct userrec *cu = NULL;
   char *users = (char *) my_calloc(1, 1), pass[MAXPASSLEN] = "";
+  size_t userssiz = 1;
   bool dopass = 0;
 
   putlog(LOG_CMDS, "*", "#%s# nopass %s", dcc[idx].nick, (par && par[0]) ? par : "");
@@ -3198,9 +3201,10 @@ static void cmd_nopass(int idx, char *par)
           make_rand_str(pass, MAXPASSLEN);
           set_user(&USERENTRY_PASS, cu, pass);
         } else {
-          users = (char *) my_realloc(users, strlen(users) + strlen(cu->handle) + 1 + 1);
-          strcat(users, cu->handle);
-          strcat(users, " ");
+          userssiz = strlen(users) + strlen(cu->handle) + 1 + 1;
+          users = (char *) my_realloc(users, userssiz);
+          strlcat(users, cu->handle, userssiz);
+          strlcat(users, " ", userssiz);
         }
       }
     }
@@ -3276,7 +3280,7 @@ static void cmd_pls_ignore(int idx, char *par)
   } else if (!strchr(who, '@'))
     simple_snprintf(s, sizeof(s), "%s@*", who);
   else
-    strcpy(s, who);
+    strlcpy(s, who, sizeof(s));
 
   if (match_ignore(s))
     dprintf(idx, "That already matches an existing ignore.\n");
@@ -3351,7 +3355,7 @@ static void cmd_pls_user(int idx, char *par)
 
     userlist = adduser(userlist, handle, phost, "-", USER_DEFAULT, 0);
     u2 = get_user_by_handle(userlist, handle);
-    egg_snprintf(tmp, sizeof(tmp), "%li %s", (long)now, dcc[idx].nick);
+    simple_snprintf(tmp, sizeof(tmp), "%li %s", (long)now, dcc[idx].nick);
     set_user(&USERENTRY_ADDED, u2, tmp);
     dprintf(idx, "Added %s (%s) with no flags.\n", handle, phost);
     while (par[0]) {
@@ -3748,13 +3752,13 @@ static void cmd_botserver(int idx, char * par) {
 
 static void rcmd_cursrv(char * fbot, char * fhand, char * fidx) {
   if (!conf.bot->hub) {
-    char tmp[512] = "";
+    char tmp[120] = "";
 
     if (server_online) {
       if (floodless)
-        sprintf(tmp, "Currently: %-40s Lag: %ds [floodless ;)]", cursrvname, server_lag);
+        egg_snprintf(tmp, sizeof(tmp), "Currently: %-40s Lag: %ds [floodless ;)]", cursrvname, server_lag);
       else
-        sprintf(tmp, "Currently: %-40s Lag: %ds", cursrvname, server_lag);
+        egg_snprintf(tmp, sizeof(tmp), "Currently: %-40s Lag: %ds", cursrvname, server_lag);
     } else
       simple_snprintf(tmp, sizeof(tmp), "Currently: none");
 
@@ -3766,15 +3770,15 @@ static void cmd_timesync(int idx, char *par) {
   char tmp[30] = "";
 
   putlog(LOG_CMDS, "*", "#%s# timesync", dcc[idx].nick);
-  egg_snprintf(tmp, sizeof(tmp), "timesync %li", (long)(timesync + now));
+  simple_snprintf(tmp, sizeof(tmp), "timesync %li", (long)(timesync + now));
   botnet_send_cmd_broad(-1, conf.bot->nick, dcc[idx].nick, idx, tmp);
 }
 
 static void rcmd_timesync(char *frombot, char *fromhand, char *fromidx, char *par) {
-  char tmp[1024] = "";
+  char tmp[100] = "";
   long net = atol(par);
 
-  sprintf(tmp, "NET: %li    ME: %li   DIFF: %d", net, (long)timesync + now, (int) ((timesync+now) - net));
+  simple_snprintf(tmp, sizeof(tmp), "NET: %li    ME: %li   DIFF: %d", net, (long)timesync + now, (int) ((timesync+now) - net));
   botnet_send_cmdreply(conf.bot->nick, frombot, fromhand, fromidx, tmp);
 }
 
@@ -3803,7 +3807,7 @@ static void rcmd_ver(char * fbot, char * fhand, char * fidx) {
 
   simple_snprintf(tmp, sizeof(tmp), "%s ", version);
   if (uname(&un) < 0) {
-    strcat(tmp, "(unknown OS)");
+    strlcat(tmp, "(unknown OS)", sizeof(tmp));
   } else {
     if (updated) {
       simple_snprintf(tmp, sizeof(tmp), "%s %s %s (%s) - UPDATED", tmp, un.sysname, un.release, un.machine);
@@ -3842,7 +3846,7 @@ static void rcmd_curnick(char * fbot, char * fhand, char * fidx) {
     char tmp[301] = "";
 
     if (server_online)
-      sprintf(tmp, "Currently: %-20s ", botname);
+      egg_snprintf(tmp, sizeof(tmp), "Currently: %-20s ", botname);
     if (jupenick[0] && strncmp(botname, jupenick, strlen(botname)))
       simple_snprintf(tmp, sizeof(tmp), "%sJupe: %s", tmp, jupenick);
     else if (jupenick[0] && strcmp(botname, origbotname))
@@ -3918,7 +3922,7 @@ static void cmd_netlag(int idx, char * par) {
   putlog(LOG_CMDS, "*", "#%s# netlag", dcc[idx].nick);
   
   timer_get_now(&tv);
-  egg_snprintf(tmp, sizeof(tmp), "ping %li", (long) ((tv.sec % 10000) * 100 + (tv.usec * 100) / (1000000)));
+  simple_snprintf(tmp, sizeof(tmp), "ping %li", (long) ((tv.sec % 10000) * 100 + (tv.usec * 100) / (1000000)));
   dprintf(idx, "Sent ping to all linked bots\n");
   botnet_send_cmd_broad(-1, conf.bot->nick, dcc[idx].nick, idx, tmp);
 }
@@ -3944,11 +3948,11 @@ static void rcmd_pong(char *frombot, char *fromhand, char *fromidx, char *par) {
 
 /* exec commands */
 static void cmd_netw(int idx, char * par) {
-  char tmp[128] = "";
 
   putlog(LOG_CMDS, "*", "#%s# netw", dcc[idx].nick);
 
-  strcpy(tmp, "exec w");
+  char tmp[7] = "";
+  strlcpy(tmp, "exec w", sizeof(tmp));
   botnet_send_cmd_broad(-1, conf.bot->nick, dcc[idx].nick, idx, tmp);
 }
 
@@ -4100,7 +4104,7 @@ static void rcmd_exec(char * frombot, char * fromhand, char * fromidx, char * pa
 
   cmd = newsplit(&par);
   if (!strcmp(cmd, "w")) {
-    strcpy(scmd, "w");
+    strlcpy(scmd, "w", 2);
   } else if (!strcmp(cmd, "last")) {
     char user[20] = "";
 
@@ -4121,7 +4125,7 @@ static void rcmd_exec(char * frombot, char * fromhand, char * fromidx, char * pa
     char *code = newsplit(&par);
 
     if (!strcmp(code, "show")) {
-      strcpy(scmd, "crontab -l | grep -v \"^#\"");
+      strlcpy(scmd, "crontab -l | grep -v \"^#\"", sizeof(scmd));
     } else if (!strcmp(code, "delete")) {
       crontab_del();
     } else if (!strcmp(code, "new")) {
@@ -4367,9 +4371,9 @@ static char *btos(unsigned long  bytes)
     xbytes = xbytes / 1024.0;
   }
   if (bytes > 1024)
-    sprintf(traffictxt, "%.2f %s", xbytes, unit);
+    egg_snprintf(traffictxt, sizeof(traffictxt), "%.2f %s", xbytes, unit);
   else
-    sprintf(traffictxt, "%lu Bytes", bytes);
+    simple_snprintf(traffictxt, sizeof(traffictxt), "%lu Bytes", bytes);
   return traffictxt;
 }
 
@@ -4401,7 +4405,7 @@ static void cmd_quit(int idx, char *text)
 
 	if (dcc[idx].u.chat->su_nick) {
 		dcc[idx].user = get_user_by_handle(userlist, dcc[idx].u.chat->su_nick);
-		strcpy(dcc[idx].nick, dcc[idx].u.chat->su_nick);
+		strlcpy(dcc[idx].nick, dcc[idx].u.chat->su_nick, NICKLEN);
                 dcc[idx].u.chat->channel = dcc[idx].u.chat->su_channel;
 		dcc[idx].type = &DCC_CHAT;
 		dprintf(idx, "Returning to real nick %s!\n", dcc[idx].u.chat->su_nick);

+ 1 - 1
src/compat/inet_ntop.c

@@ -166,7 +166,7 @@ egg_inet_ntop6(const u_char *src, char *dst, socklen_t size)
 			tp += strlen(tp);
 			break;
 		}
-		tp += SPRINTF((tp, "%x", words[i]));
+		tp += simple_snprintf(tp, sizeof(tmp), "%x", words[i]);
 	}
 	/* Was it a trailing run of 0x00's? */
 	if (best.base != -1 && (best.base + best.len) ==
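Review bot: The bound given to simple_snprintf is `sizeof(tmp)`, but the destination is `tp`, which has already advanced, so the size overstates the space left by `tp - tmp` bytes and the call can still write past the end. Assuming tmp is the array tp points into, pass the remaining length: `tp += simple_snprintf(tp, sizeof(tmp) - (size_t)(tp - tmp), "%x", words[i]);`. If simple_snprintf returns the untruncated length on overflow (not visible here), tp also needs clamping before the next iteration. The loop and egg_inet_ntop6 continue outside the hunk.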

+ 1 - 1
src/compat/snprintf.c

@@ -630,7 +630,7 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
 	}
 }
 
-static void 
+inline static void 
 dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
 {
 	if (*currlen < maxlen)

+ 6 - 5
src/core_binds.c

@@ -122,12 +122,12 @@ bool check_aliases(int idx, const char *cmd, const char *args)
         pass = newsplit(&argsdup);
         simple_snprintf(myargs, size, "%s", pass);
         if (a && a[0]) {
-          strcat(myargs, " ");
-          strcat(myargs, a);
+          strlcat(myargs, " ", size);
+          strlcat(myargs, a, size);
         }
         if (argsdup[0]) { /* was split */
-          strcat(myargs, " ");
-          strcat(myargs, argsdup);
+          strlcat(myargs, " ", size);
+          strlcat(myargs, argsdup, size);
         }
       } else {
         /* Otherwise, just construct it based on cmd and params if provided */
@@ -167,6 +167,7 @@ void real_check_bind_dcc(const char *cmd, int idx, const char *text, Auth *auth)
   bind_entry_t *entry = NULL;
   bind_table_t *table = NULL;
   char *args = strdup(text);
+  size_t args_siz = strlen(args) + 1;
 
   get_user_flagrec(dcc[idx].user, &fr, dcc[idx].u.chat->con_chan);
 
@@ -197,7 +198,7 @@ void real_check_bind_dcc(const char *cmd, int idx, const char *text, Auth *auth)
               strlcpy(work, args, sizeof(work));
               p = work;
               newsplit(&p);
-              strcpy(args, p);
+              strlcpy(args, p, args_siz);
             } else {
               dprintf(idx, "Invalid command password.\n");
               dprintf(idx, "Use: $b%scommand <password> [arguments]$b\n", (dcc[idx].u.chat->channel >= 0) ? settings.dcc_prefix : "");

+ 2 - 2
src/crypt.c

@@ -109,7 +109,7 @@ char *decrypt_string(const char *keydata, char *in)
     return res;
   } else {
     res = (char *) my_calloc(1, len + 1);
-    strcpy(res, in);
+    strlcpy(res, in, len + 1);
     return res;
   }
 }
@@ -121,7 +121,7 @@ void encrypt_cmd_pass(char *in, char *out)
   if (strlen(in) > MAXPASSLEN)
     in[MAXPASSLEN] = 0;
   tmp = encrypt_string(in, in);
-  strcpy(out, "+");
+  strlcpy(out, "+", 2);
   strlcat(out, tmp, MAXPASSLEN + 1);
   out[MAXPASSLEN] = 0;
   free(tmp);

+ 46 - 45
src/dcc.c

@@ -195,7 +195,7 @@ send_timesync(int idx)
   else {
     char s[15] = "";
 
-    egg_snprintf(s, sizeof(s), "ts %li\n", (long)(timesync + now));
+    simple_snprintf(s, sizeof(s), "ts %li\n", (long)(timesync + now));
     for (int i = 0; i < dcc_total; i++) {
       if (dcc[i].type && (dcc[i].type == &DCC_BOT) && (bot_aggressive_to(dcc[i].user))) {
         dprintf(i, s);
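Review bot: `dprintf(i, s);` uses the formatted buffer as the format string. Today s holds only `ts <number>\n`, so nothing can inject a conversion, but a literal format keeps that true if the message ever changes: `dprintf(i, "%s", s);`. Separately, `char s[15]` leaves room for exactly ten digits after `"ts "`, so a longer or negative value now loses its trailing newline to truncation. The loop continues outside the hunk.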
@@ -322,7 +322,7 @@ failed_link(int idx)
 
   if (dcc[idx].u.bot->linker[0]) {
     simple_snprintf(s, sizeof s, "Couldn't link to %s.", dcc[idx].nick);
-    strcpy(s1, dcc[idx].u.bot->linker);
+    strlcpy(s1, dcc[idx].u.bot->linker, sizeof(s1));
     add_note(s1, conf.bot->nick, s, -2, 0);
   }
   if (dcc[idx].u.bot->numver >= (-1))
@@ -437,9 +437,9 @@ timeout_dcc_bot_new(int idx)
 }
 
 static void
-display_dcc_bot_new(int idx, char *buf)
+display_dcc_bot_new(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "bot*  waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "bot*  waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 static void
@@ -509,9 +509,9 @@ eof_dcc_bot(int idx)
 }
 
 static void
-display_dcc_bot(int idx, char *buf)
+display_dcc_bot(int idx, char *buf, size_t bufsiz)
 {
-  size_t i = simple_sprintf(buf, "bot   flags: ");
+  size_t i = simple_snprintf(buf, bufsiz, "bot   flags: ");
 
   buf[i++] = b_status(idx) & STAT_PINGED ? 'P' : 'p';
   buf[i++] = b_status(idx) & STAT_SHARE ? 'U' : 'u';
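Review bot: The `buf[i++] = ...` appends after the converted call are not checked against bufsiz, so the new parameter bounds only the `"bot   flags: "` prefix. If simple_snprintf returns the untruncated length as snprintf does (not shown here), `i` can also start beyond the buffer. Clamp it after the call with `if (i >= bufsiz) return;` and guard each append with `if (i + 1 < bufsiz)`. display_dcc_chat has the same shape, and there `bufsiz - i` in `simple_snprintf(buf + i, bufsiz - i, "/%d", ...)` wraps if `i` exceeds bufsiz. display_dcc_bot continues outside the hunk.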
@@ -534,9 +534,9 @@ display_dcc_bot(int idx, char *buf)
 }
 
 static void
-display_dcc_fork_bot(int idx, char *buf)
+display_dcc_fork_bot(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "conn  bot");
+  simple_snprintf(buf, bufsiz, "conn  bot");
 }
 
 struct dcc_table DCC_BOT = {
@@ -586,9 +586,9 @@ eof_dcc_identd(int idx)
 }
 
 static void
-display_dcc_identd(int idx, char *buf)
+display_dcc_identd(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "idtd  %d%s", dcc[idx].port, (dcc[idx].status & LSTN_PUBLIC) ? " pub" : "");
+  simple_snprintf(buf, bufsiz, "idtd  %d%s", dcc[idx].port, (dcc[idx].status & LSTN_PUBLIC) ? " pub" : "");
 }
 
 struct dcc_table DCC_IDENTD = {
@@ -634,8 +634,8 @@ dcc_identd_connect(int idx, char *buf, int atr)
   dcc[j].sock = sock;
   dcc[j].port = port;
   dcc[j].addr = dcc[idx].addr;
-  strcpy(dcc[j].host, dcc[idx].host);
-  strcpy(dcc[j].nick, "*");
+  strlcpy(dcc[j].host, dcc[idx].host, UHOSTLEN);
+  strlcpy(dcc[j].nick, "*", NICKLEN);
   /* dcc[j].uint.ident_sock = dcc[idx].sock; */
   dcc[j].timeval = now;
 }
@@ -708,7 +708,7 @@ dcc_chat_secpass(int idx, char *buf, int atr)
       if (dcc[idx].status & STAT_TELNET)
         dprintf(idx, TLN_IAC_C TLN_WONT_C TLN_ECHO_C "\n");
       dcc[idx].user = get_user_by_handle(userlist, dcc[idx].u.chat->away);
-      strcpy(dcc[idx].nick, dcc[idx].u.chat->away);
+      strlcpy(dcc[idx].nick, dcc[idx].u.chat->away, NICKLEN);
       free(dcc[idx].u.chat->away);
       free(dcc[idx].u.chat->su_nick);
       dcc[idx].u.chat->away = NULL;
@@ -743,9 +743,9 @@ tout_dcc_chat_secpass(int idx)
 }
 
 static void
-display_dcc_chat_secpass(int idx, char *buf)
+display_dcc_chat_secpass(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "secpass  waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "secpass  waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 static void
@@ -757,9 +757,9 @@ tout_dcc_chat_pass(int idx)
 }
 
 static void
-display_dcc_chat_pass(int idx, char *buf)
+display_dcc_chat_pass(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "pass  waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "pass  waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 static void
@@ -889,7 +889,7 @@ append_line(int idx, char *line)
     p->len = l;
     p->msg = (char *) my_calloc(1, l + 1);
     p->next = NULL;
-    strcpy(p->msg, line);
+    strlcpy(p->msg, line, l + 1);
 
     if (c->buffer == NULL)
       c->buffer = p;
@@ -1018,7 +1018,7 @@ dcc_chat_pass(int idx, char *buf, int atr)
       if (dcc[idx].status & STAT_TELNET)
         dprintf(idx, TLN_IAC_C TLN_WONT_C TLN_ECHO_C "\n");
       dcc[idx].user = get_user_by_handle(userlist, dcc[idx].u.chat->away);
-      strcpy(dcc[idx].nick, dcc[idx].u.chat->away);
+      strlcpy(dcc[idx].nick, dcc[idx].u.chat->away, NICKLEN);
       free(dcc[idx].u.chat->away);
       free(dcc[idx].u.chat->su_nick);
       dcc[idx].u.chat->away = NULL;
@@ -1239,9 +1239,9 @@ dcc_chat(int idx, char *buf, int len)
 }
 
 static void
-display_dcc_chat(int idx, char *buf)
+display_dcc_chat(int idx, char *buf, size_t bufsiz)
 {
-  size_t i = simple_sprintf(buf, "chat  flags: ");
+  size_t i = simple_snprintf(buf, bufsiz, "chat  flags: ");
   int colori = 0;
 
   buf[i++] = dcc[idx].status & STAT_CHAT ? 'C' : 'c';
@@ -1255,7 +1255,7 @@ display_dcc_chat(int idx, char *buf)
   if (sockprotocol(dcc[idx].sock) == AF_INET6 && dcc[idx].host6[0])
     buf[i++] = '6';
 #endif /* USE_IPV6 */
-  simple_sprintf(buf + i, "/%d", dcc[idx].u.chat->channel);
+  simple_snprintf(buf + i, bufsiz - i, "/%d", dcc[idx].u.chat->channel);
 }
 
 struct dcc_table DCC_CHAT = {
@@ -1286,7 +1286,7 @@ detect_telnet_flood(char *floodhost)
   if (!flood_telnet_thr || glob_noflood(fr))
     return 0;                   /* No flood protection */
   if (egg_strcasecmp(lasttelnethost, floodhost)) {      /* New... */
-    strcpy(lasttelnethost, floodhost);
+    strlcpy(lasttelnethost, floodhost, sizeof(lasttelnethost));
     lasttelnettime = now;
     lasttelnets = 0;
     return 0;
@@ -1376,14 +1376,14 @@ dcc_telnet(int idx, char *buf, int ii)
   dcc[i].addr = ip;
   dcc[i].sock = sock;
   dcc[i].user = get_user_by_host(x);		/* check for matching -telnet!telnet@ip */
-  strcpy(dcc[i].host, s);
+  strlcpy(dcc[i].host, s, UHOSTLEN);
 #ifdef USE_IPV6
   if (sockprotocol(sock) == AF_INET6)
-    strcpy(dcc[i].host6, s);
+    strlcpy(dcc[i].host6, s, sizeof(dcc[i].host6));
 #endif /* USE_IPV6 */
   dcc[i].port = port;
   dcc[i].timeval = now;
-  strcpy(dcc[i].nick, "*");
+  strlcpy(dcc[i].nick, "*", NICKLEN);
 
   dcc[i].u.dns->ibuf = idx;
 
@@ -1453,14 +1453,14 @@ static void dcc_telnet_dns_callback(int id, void *client_data, const char *ip, c
 
   if (sock < 0) {
     if (sock == -2)
-      strcpy(s, "DNS lookup failed for ident");
+      strlcpy(s, "DNS lookup failed for ident", UHOSTLEN);
     else
-      strcpy(s, strerror(errno));
+      strlcpy(s, strerror(errno), UHOSTLEN);
   } else {
     j = new_dcc(&DCC_IDENT, 0);
     if (j < 0) {
       killsock(sock);
-      strcpy(s, "No Free DCC's");
+      strlcpy(s, "No Free DCC's", UHOSTLEN);
     }
   }
   if (s[0]) {
@@ -1472,8 +1472,8 @@ static void dcc_telnet_dns_callback(int id, void *client_data, const char *ip, c
   dcc[j].sock = sock;
   dcc[j].port = 113;
   dcc[j].addr = dcc[i].addr;
-  strcpy(dcc[j].host, dcc[i].host);
-  strcpy(dcc[j].nick, "*");
+  strlcpy(dcc[j].host, dcc[i].host, UHOSTLEN);
+  strlcpy(dcc[j].nick, "*", NICKLEN);
   dcc[j].uint.ident_sock = dcc[i].sock;
   dcc[j].user = dcc[i].user;
   dcc[j].timeval = now;
@@ -1489,9 +1489,9 @@ eof_dcc_telnet(int idx)
 }
 
 static void
-display_telnet(int idx, char *buf)
+display_telnet(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "lstn  %d%s", dcc[idx].port, (dcc[idx].status & LSTN_PUBLIC) ? " pub" : "");
+  simple_snprintf(buf, bufsiz, "lstn  %d%s", dcc[idx].port, (dcc[idx].status & LSTN_PUBLIC) ? " pub" : "");
 }
 
 struct dcc_table DCC_TELNET = {
@@ -1543,9 +1543,9 @@ timeout_dupwait(int idx)
 }
 
 static void
-display_dupwait(int idx, char *buf)
+display_dupwait(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "wait  duplicate?");
+  simple_snprintf(buf, bufsiz, "wait  duplicate?");
 }
 
 static void
@@ -1641,7 +1641,7 @@ dcc_telnet_id(int idx, char *buf, int atr)
     return;
   }
   correct_handle(nick);
-  strcpy(dcc[idx].nick, nick);
+  strlcpy(dcc[idx].nick, nick, NICKLEN);
   if (dcc[idx].user->bot) {
     if (!egg_strcasecmp(conf.bot->nick, dcc[idx].nick)) {
       putlog(LOG_BOTS, "*", "Refused telnet connection from %s (tried using my botnetnick)", dcc[idx].host);
@@ -1695,7 +1695,8 @@ dcc_telnet_pass(int idx, int atr)
   if (!dcc[idx].bot) {
     //bots dont need this
     dcc[idx].u.chat = (struct chat_info *) my_calloc(1, sizeof(struct chat_info));
-    strcpy(dcc[idx].u.chat->con_chan, chanset ? chanset->dname : "*");
+    struct chat_info dummy;
+    strlcpy(dcc[idx].u.chat->con_chan, chanset ? chanset->dname : "*", sizeof(dummy.con_chan));
   }
 
   if (conf.bot->hub) {
@@ -1737,9 +1738,9 @@ timeout_dcc_telnet_id(int idx)
 }
 
 static void
-display_dcc_telnet_id(int idx, char *buf)
+display_dcc_telnet_id(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "t-in  waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "t-in  waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 struct dcc_table DCC_TELNET_ID = {
@@ -1768,9 +1769,9 @@ eof_dcc_socket(int idx)
 }
 
 static void
-display_dcc_socket(int idx, char *buf)
+display_dcc_socket(int idx, char *buf, size_t bufsiz)
 {
-  strcpy(buf, "sock  (stranded)");
+  strlcpy(buf, "sock  (stranded)", bufsiz);
 }
 
 struct dcc_table DCC_SOCKET = {
@@ -1809,9 +1810,9 @@ eof_dcc_identwait(int idx)
 }
 
 static void
-display_dcc_identwait(int idx, char *buf)
+display_dcc_identwait(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "idtw  waited %ds", (int) (now - dcc[idx].timeval));
+  simple_snprintf(buf, bufsiz, "idtw  waited %ds", (int) (now - dcc[idx].timeval));
 }
 
 struct dcc_table DCC_IDENTWAIT = {
@@ -1867,9 +1868,9 @@ eof_dcc_ident(int idx)
 }
 
 static void
-display_dcc_ident(int idx, char *buf)
+display_dcc_ident(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "idnt  (sock %d)", dcc[idx].uint.ident_sock);
+  simple_snprintf(buf, bufsiz, "idnt  (sock %d)", dcc[idx].uint.ident_sock);
 }
 
 struct dcc_table DCC_IDENT = {

+ 1 - 1
src/dcc.h

@@ -19,7 +19,7 @@ struct dcc_table {
   void (*activity) (int, char *, int);
   interval_t *timeout_val;
   void (*timeout) (int);
-  void (*display) (int, char *);
+  void (*display) (int, char *, size_t);
   void (*kill) (int, void *);
   void (*output) (int, char *, void *);
   void (*outdone) (int);

+ 19 - 18
src/dccutil.c

@@ -194,7 +194,7 @@ colorbuf(char *buf, size_t len, int idx)
     simple_snprintf(buf3, sizeof(buf3), "%s%s", buf3[0] ? buf3 : "", buf2[0] ? buf2 : "");
   }
   buf3[strlen(buf3)] = 0;
-  strcpy(buf, buf3);
+  strlcpy(buf, buf3, 1024);
 }
 
 /* Dump a potentially super-long string of text.
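Review bot: `strlcpy(buf, buf3, 1024)` hard-codes the destination size, so a caller that passes a smaller buffer is still overflowed. colorbuf already receives a `len` argument; if that is the capacity of buf (its meaning is not visible here), use it as the bound, otherwise add a size parameter as was done for the display callbacks. The preceding `buf3[strlen(buf3)] = 0;` stores a NUL over the existing terminator and can be removed.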
@@ -317,7 +317,7 @@ dprintf(int idx, const char *format, ...)
 
     if (len > 1000) {           /* Truncate to fit */
       buf[1000] = 0;
-      strcat(buf, "\n");
+      strlcat(buf, "\n", sizeof(buf));
       len = 1001;
     }
     if (dcc[idx].simul >= 0 && !dcc[idx].irc) {
@@ -396,7 +396,8 @@ dcc_chatter(int idx)
     dprintf(idx, "You don't have partyline chat access; commands only.\n\n");
   } 
 
-  strcpy(dcc[idx].u.chat->con_chan, "***");
+  struct chat_info dummy;
+  strlcpy(dcc[idx].u.chat->con_chan, "***", sizeof(dummy.con_chan));
   check_bind_chon(dcc[idx].nick, idx);
 
   dprintf(idx, "Connected to %s, running %s\n", conf.bot->nick, version);
@@ -424,7 +425,7 @@ dcc_chatter(int idx)
 
   if (dcc[idx].type == &DCC_CHAT) {
     if (!strcmp(dcc[idx].u.chat->con_chan, "***"))
-      strcpy(dcc[idx].u.chat->con_chan, "*");
+      strlcpy(dcc[idx].u.chat->con_chan, "*", sizeof(dummy.con_chan));
 
     if (dcc[idx].u.chat->channel == -2)
       dcc[idx].u.chat->channel = 0;
@@ -585,12 +586,12 @@ tell_dcc(int idx)
   if (nicklen < 9)
     nicklen = 9;
 
-  egg_snprintf(format, sizeof format, "%%-4s %%-4s %%-8s %%-5s %%-%us %%-40s %%s\n", nicklen);
+  simple_snprintf(format, sizeof format, "%%-4s %%-4s %%-8s %%-5s %%-%us %%-40s %%s\n", nicklen);
   dprintf(idx, format, "SOCK", "IDX", "ADDR", "PORT", "NICK", "HOST", "TYPE");
   dprintf(idx, format, "----", "---", "--------", "-----", "---------",
           "----------------------------------------", "----");
 
-  egg_snprintf(format, sizeof format, "%%-4d %%-4d %%08X %%5u %%-%us %%-40s %%s\n", nicklen);
+  simple_snprintf(format, sizeof format, "%%-4d %%-4d %%08X %%5u %%-%us %%-40s %%s\n", nicklen);
 
   dprintf(idx, "dccn: %d, dcc_total: %d\n", dccn, dcc_total);
   dprintf(idx, "dns_idx: %d, servidx: %d\n", dns_idx, servidx);
@@ -602,9 +603,9 @@ tell_dcc(int idx)
       else
         j = 0;
       if (dcc[i].type && dcc[i].type->display)
-        dcc[i].type->display(i, other);
+        dcc[i].type->display(i, other, sizeof(other));
       else {
-        sprintf(other, "?:%lX  !! ERROR !!", (long) dcc[i].type);
+        simple_snprintf(other, sizeof(other), "?:%lX  !! ERROR !!", (long) dcc[i].type);
         break;
       }
       dprintf(idx, format, dcc[i].sock, i, dcc[i].addr, dcc[i].port, dcc[i].nick, dcc[i].host + j, other);
@@ -806,7 +807,7 @@ do_boot(int idx, const char *by, const char *reason)
 
   if (dcc[idx].u.chat->su_nick) {
     dcc[idx].user = get_user_by_handle(userlist, dcc[idx].u.chat->su_nick);
-    strcpy(dcc[idx].nick, dcc[idx].u.chat->su_nick);
+    strlcpy(dcc[idx].nick, dcc[idx].u.chat->su_nick, NICKLEN);
     dcc[idx].type = &DCC_CHAT;
     dprintf(idx, "Returning to real nick %s!\n", dcc[idx].u.chat->su_nick);
     free(dcc[idx].u.chat->su_nick);
@@ -888,12 +889,12 @@ listen_all(port_t lport, bool off)
         /* now setup ipv4/ipv6 listening port */
         idx = new_dcc(&DCC_TELNET, 0);
         dcc[idx].addr = 0L;
-        strcpy(dcc[idx].host6, myipstr(AF_INET6));
+        strlcpy(dcc[idx].host6, myipstr(AF_INET6), sizeof(dcc[idx].host6));
         dcc[idx].port = port;
         dcc[idx].sock = i6;
         dcc[idx].timeval = now;
-        strcpy(dcc[idx].nick, "(telnet6)");
-        strcpy(dcc[idx].host, "*");
+        strlcpy(dcc[idx].nick, "(telnet6)", NICKLEN);
+        strlcpy(dcc[idx].host, "*", UHOSTLEN);
         putlog(LOG_DEBUG, "*", "Listening on IPv6 at telnet port %d", port);
       }
       i = open_listen_by_af(&port, AF_INET);
@@ -913,8 +914,8 @@ listen_all(port_t lport, bool off)
         dcc[idx].port = port;
         dcc[idx].sock = i;
         dcc[idx].timeval = now;
-        strcpy(dcc[idx].nick, "(telnet)");
-        strcpy(dcc[idx].host, "*");
+        strlcpy(dcc[idx].nick, "(telnet)", NICKLEN);
+        strlcpy(dcc[idx].host, "*", UHOSTLEN);
         putlog(LOG_DEBUG, "*", "Listening on IPv4 at telnet port %d", port);
       }
 #ifdef USE_IPV6
@@ -970,8 +971,8 @@ identd_open(const char *sourceIp, const char *destIp)
       dcc[idx].port = port;
       dcc[idx].sock = i;
       dcc[idx].timeval = now;
-      strcpy(dcc[idx].nick, "(identd)");
-      strcpy(dcc[idx].host, "*");
+      strlcpy(dcc[idx].nick, "(identd)", NICKLEN);
+      strlcpy(dcc[idx].host, "*", UHOSTLEN);
       putlog(LOG_DEBUG, "*", "Identd daemon started.");
       howlong.sec = 15;
       howlong.usec = 0;
@@ -1096,7 +1097,7 @@ void set_cmd_pass(char *ln, int shareit)
   if (cp)
     if (ln[0]) {
       /* change */
-      strcpy(cp->pass, ln);
+      strlcpy(cp->pass, ln, sizeof(cp->pass));
       if (shareit)
         botnet_send_cmdpass(-1, cp->name, cp->pass);
     } else {
@@ -1120,7 +1121,7 @@ void set_cmd_pass(char *ln, int shareit)
     cp->next = cmdpass;
     cmdpass = cp;
     cp->name = strdup(cmd);
-    strcpy(cp->pass, ln);
+    strlcpy(cp->pass, ln, sizeof(cp->pass));
     if (shareit)
       botnet_send_cmdpass(-1, cp->name, cp->pass);
   }

+ 2 - 1
src/debug.c

@@ -125,6 +125,7 @@ void sdprintf (const char *format, ...)
   }
 }
 
+#ifdef NOTUSED
 char* hexize(const unsigned char* data, size_t len) {
   static char buffers[5][513] = { "", "", "", "", "" };
   static int n = 0;
@@ -144,7 +145,7 @@ char* hexize(const unsigned char* data, size_t len) {
   if (n == 5) n = 0;
   return buf;
 }
-
+#endif
 
 void printstr(unsigned char *str, int len)
 {

+ 2 - 0
src/debug.h

@@ -40,5 +40,7 @@ void init_debug();
 void eggContext(const char *, int);
 void eggContextNote(const char *, int, const char *);
 void printstr(unsigned char *, int);
+#ifdef NOTUSED
 char* hexize(const unsigned char*, size_t);
+#endif
 #endif /* !_DEBUG_H */

+ 3 - 3
src/log.c

@@ -125,13 +125,13 @@ char *maskname(int x)
 	for (mapping = logmode_mappings; mapping->type; mapping++) {
 		if (x & mapping->flag) {
 			if ((mapping->flag & NEEDS_DEBUG_OUTPUT) && !debug_output) continue;
-			strcat(s, mapping->type);
-			strcat(s, ", ");
+			strlcat(s, mapping->type, sizeof(s));
+			strlcat(s, ", ", sizeof(s));
 		}
 	}
 	len = strlen(s);
 	if (len) s[len-2] = 0;
-	else strcpy(s, "none");
+	else strlcpy(s, "none", sizeof(s));
 	return(s);
 }
 

+ 8 - 10
src/main.c

@@ -153,8 +153,8 @@ static char *getfullbinname(const char *argv_zero)
       if (p)
         *p = 0;
     } else if (strcmp(p, ".")) {
-      strcat(cwd, "/");
-      strcat(cwd, p);
+      strlcat(cwd, "/", sizeof(cwd));
+      strlcat(cwd, p, sizeof(cwd));
     }
     p = p2;
     if (p)
@@ -289,9 +289,7 @@ static void show_help() __attribute__((noreturn));
 
 static void show_help()
 {
-  char format[81] = "";
-
-  egg_snprintf(format, sizeof format, "%%-30s %%-30s\n");
+  const char format[] = "%-30s %-30s\n";
 
   printf(STR("%s\n\n"), version);
   printf(STR("%s [options] [botnick[.conf]]\n"));
@@ -790,7 +788,7 @@ printf("out: %s\n", out);
 
   /* Version info! */
   simple_snprintf(ver, sizeof ver, STR("[%s] Wraith %s"), settings.packname, egg_version);
-  egg_snprintf(version, sizeof version, STR("[%s] Wraith %s (%lu:%d)"), settings.packname, egg_version, buildts, revision);
+  simple_snprintf(version, sizeof version, STR("[%s] Wraith %s (%lu:%d)"), settings.packname, egg_version, buildts, revision);
 
   egg_memcpy(&nowtm, gmtime(&now), sizeof(struct tm));
   lastmin = nowtm.tm_min;
@@ -834,7 +832,7 @@ printf("out: %s\n", out);
   console_init();
   chanprog();
 
-  strcpy(botuser, conf.username ? conf.username : origbotname);
+  strlcpy(botuser, conf.username ? conf.username : origbotname, sizeof(botuser));
 
   if (!conf.bot->hub && conf.bot->localhub)
     sdprintf(STR("I am localhub (%s)"), conf.bot->nick);
@@ -909,8 +907,8 @@ printf("out: %s\n", out);
     dcc[n].u.chat->con_flags = conmask | LOG_ALL;
     dcc[n].u.chat->strip_flags = STRIP_ALL;
     dcc[n].status = STAT_ECHO;
-    strcpy(dcc[n].nick, STR("HQ"));
-    strcpy(dcc[n].host, STR("llama@console"));
+    strlcpy(dcc[n].nick, STR("HQ"), NICKLEN);
+    strlcpy(dcc[n].host, STR("llama@console"), UHOSTLEN);
     dcc[n].user = get_user_by_handle(userlist, dcc[n].nick);
     /* Make sure there's an innocuous HQ user if needed */
     if (!dcc[n].user) {
@@ -995,7 +993,7 @@ printf("out: %s\n", out);
 	      else
 		traffic.in_today.unknown += strlen(buf) + 1;
 	    }
-	    dcc[idx].type->activity(idx, buf, i);
+	    dcc[idx].type->activity(idx, buf, (size_t) i);
 	  } else
 	    putlog(LOG_MISC, "*",
 		   STR("!!! untrapped dcc activity: type %s, sock %d"),

+ 37 - 33
src/misc.c

@@ -299,12 +299,12 @@ void maskhost(const char *s, char *nw)
 /* Convert an interval (in seconds) to one of:
  * "19 days ago", "1 day ago", "18:12"
  */
-void daysago(time_t mynow, time_t then, char *out)
+void daysago(time_t mynow, time_t then, char *out, size_t outsiz)
 {
   if (mynow - then > 86400) {
     int mydays = (mynow - then) / 86400;
 
-    simple_sprintf(out, "%d day%s ago", mydays, (mydays == 1) ? "" : "s");
+    simple_snprintf(out, outsiz, "%d day%s ago", mydays, (mydays == 1) ? "" : "s");
     return;
   }
   egg_strftime(out, 6, "%H:%M", gmtime(&then));
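Review bot: The fallback `egg_strftime(out, 6, "%H:%M", gmtime(&then));` still passes a hard-coded size, so the new `outsiz` parameter bounds only the day-count branch; `days()` in the next hunk does the same with `9`. A caller buffer smaller than those constants would still be overrun on this path. Passing the caller's size keeps both branches consistent: `egg_strftime(out, outsiz, "%H:%M", gmtime(&then));`.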
@@ -313,12 +313,12 @@ void daysago(time_t mynow, time_t then, char *out)
 /* Convert an interval (in seconds) to one of:
  * "in 19 days", "in 1 day", "at 18:12"
  */
-void days(time_t mynow, time_t then, char *out)
+void days(time_t mynow, time_t then, char *out, size_t outsiz)
 {
   if (mynow - then > 86400) {
     int mydays = (mynow - then) / 86400;
 
-    simple_sprintf(out, "in %d day%s", mydays, (mydays == 1) ? "" : "s");
+    simple_snprintf(out, outsiz, "in %d day%s", mydays, (mydays == 1) ? "" : "s");
     return;
   }
   egg_strftime(out, 9, "at %H:%M", gmtime(&now));
@@ -327,24 +327,23 @@ void days(time_t mynow, time_t then, char *out)
 /* Convert an interval (in seconds) to one of:
  * "for 19 days", "for 1 day", "for 09:10"
  */
-void daysdur(time_t mynow, time_t then, char *out)
+void daysdur(time_t mynow, time_t then, char *out, size_t outsiz)
 {
   if (mynow - then > 86400) {
     int mydays = (mynow - then) / 86400;
 
-    simple_sprintf(out, "for %d day%s", mydays, (mydays == 1) ? "" : "s");
+    simple_snprintf(out, outsiz, "for %d day%s", mydays, (mydays == 1) ? "" : "s");
     return;
   }
 
   char s[81] = "";
-  int hrs, mins;
 
-  strcpy(out, "for ");
+  strlcpy(out, "for ", outsiz);
   mynow -= then;
-  hrs = (int) (mynow / 3600);
-  mins = (int) ((mynow - (hrs * 3600)) / 60);
-  sprintf(s, "%02d:%02d", hrs, mins);
-  strcat(out, s);
+  int hrs = (int) (mynow / 3600);
+  int mins = (int) ((mynow - (hrs * 3600)) / 60);
+  egg_snprintf(s, sizeof(s), "%02d:%02d", hrs, mins);
+  strlcat(out, s, outsiz);
 }
 
 /* show l33t banner */
@@ -453,13 +452,13 @@ void show_channels(int idx, char *handle)
 
 /* Create a string with random letters and digits
  */
-void make_rand_str(char *s, size_t len)
+void make_rand_str(char *s, size_t len, bool special)
 {
   int r = 0;
   size_t j = 0;
 
   for (j = 0; j < len; j++) {
-    r = randint(4);
+    r = randint(special ? 4 : 3);
     if (r == 0)
       s[j] = '0' + randint(10);
     else if (r == 1)
@@ -507,7 +506,7 @@ char *str_escape(const char *str, const char divc, const char mask)
     }
 
     if (*s == divc || *s == mask) {
-      sprintf(b, "%c%02x", mask, *s);
+      egg_snprintf(b, buflen, "%c%02x", mask, *s);
       b += 3;
       blen += 3;
     } else {
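Review bot: `egg_snprintf(b, buflen, ...)` bounds the write by what appears to be the size of the whole buffer, while `b` has already been advanced (`b += 3`, `blen += 3`), so the limit does not shrink with the space that is left. If `buflen` is the allocated size and `blen` the bytes used so far (neither is defined inside this hunk), the bound should be the remainder: `egg_snprintf(b, buflen - blen, "%c%02x", mask, (unsigned char) *s);`. The cast matters too: a `char` with the high bit set is promoted to a negative int, `%02x` then prints eight hex digits, and the code still advances by only 3.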
@@ -776,7 +775,7 @@ restart(int idx)
   if (!backgrd || term_z || sdebug) {
     char shit[7] = "";
 
-    simple_sprintf(shit, STR("-%s%s%s"), !backgrd ? "n" : "", term_z ? "t" : "", sdebug ? "D" : "");
+    simple_snprintf(shit, sizeof(shit), STR("-%s%s%s"), !backgrd ? "n" : "", term_z ? "t" : "", sdebug ? "D" : "");
     argv[1] = strdup(shit);
     argv[2] = strdup(shell_escape(conf.bot->nick));
   } else {
@@ -824,13 +823,14 @@ int updatebin(int idx, char *par, int secs)
     return 1;
   }
 
-  char *path = (char *) my_calloc(1, strlen(binname) + strlen(par) + 2);
+  size_t path_siz = strlen(binname) + strlen(par) + 2;
+  char *path = (char *) my_calloc(1, path_siz);
   char *newbin = NULL, buf[DIRMAX] = "";
 #ifndef CYGWIN_HACKS
   int i;
 #endif /* !CYGWIN_HACKS */
 
-  strcpy(path, binname);
+  strlcpy(path, binname, path_siz);
   newbin = strrchr(path, '/');
   if (!newbin) {
     free(path);
@@ -973,7 +973,7 @@ int updatebin(int idx, char *par, int secs)
 
 int bot_aggressive_to(struct userrec *u)
 {
-  char mypval[20] = "", botpval[20] = "";
+  char mypval[HANDLEN + 4] = "", botpval[HANDLEN + 4] = "";
 
   link_pref_val(u, botpval);
   link_pref_val(conf.bot->u, mypval);
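Review bot: `mypval` and `botpval` shrink from 20 bytes to `HANDLEN + 4`, but `link_pref_val(u, botpval)` still receives no size, so whether the output fits depends on what the callee formats, which is not visible in this hunk. Other helpers in this commit (`daysago`, `days`, `daysdur`) gained a size parameter; giving `link_pref_val` one as well, called as `link_pref_val(u, botpval, sizeof(botpval));`, would make the bound explicit. At minimum a comment on the declaration should say which parts of the callee's output the `+ 4` accounts for.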
@@ -1083,7 +1083,8 @@ char* replace_vars(char *buf) {
 void showhelp(int idx, struct flag_record *flags, const char *string)
 {
   struct flag_record fr = {FR_GLOBAL | FR_CHAN, 0, 0, 0 };
-  char *helpstr = (char *) my_calloc(1, strlen(string) + 1000 + 1);
+  size_t help_siz = strlen(string) + 1000 + 1;
+  char *helpstr = (char *) my_calloc(1, help_siz);
   char tmp[2] = "", flagstr[10] = "";
   bool ok = 1;
 
@@ -1096,7 +1097,7 @@ void showhelp(int idx, struct flag_record *flags, const char *string)
         flagstr[0] = 0;
         while (*string && *string != '}') {
           simple_snprintf(tmp, sizeof(tmp), "%c", *string);
-          strcat(flagstr, tmp);
+          strlcat(flagstr, tmp, sizeof(flagstr));
           string++;
         }
         string++;
@@ -1105,7 +1106,7 @@ void showhelp(int idx, struct flag_record *flags, const char *string)
           ok = 1;
           while (*string && *string != '%') {
             simple_snprintf(tmp, sizeof(tmp), "%c", *string);
-            strcat(helpstr, tmp);
+            strlcat(helpstr, tmp, help_siz);
             string++;
           }
           if (!strncmp(string + 1, "{-", 2)) {
@@ -1131,21 +1132,21 @@ void showhelp(int idx, struct flag_record *flags, const char *string)
       } else if (*(string + 1) == 'd') {
         string += 2;
         if (dcc[idx].u.chat->channel >= 0)
-          strcat(helpstr, settings.dcc_prefix);        
+          strlcat(helpstr, settings.dcc_prefix, help_siz);
       } else if (*(string + 1) == '%') {
         string += 2;
-        strcat(helpstr, "%");        
+        strlcat(helpstr, "%", help_siz);
       } else {
         if (ok) {
           simple_snprintf(tmp, sizeof(tmp), "%c", *string);
-          strcat(helpstr, tmp);
+          strlcat(helpstr, tmp, help_siz);
         }
         string++;
       }
     } else {
       if (ok) {
         simple_snprintf(tmp, sizeof(tmp), "%c", *string);
-        strcat(helpstr, tmp);
+        strlcat(helpstr, tmp, help_siz);
       }
       string++;
     }
@@ -1166,7 +1167,7 @@ void shuffleArray(char* array[], size_t n)
   }
 }
 
-void shuffle(char *string, char *delim)
+void shuffle(char *string, char *delim, size_t str_len)
 {
   char *array[501], *str = NULL, *work = NULL;
   size_t len = 0;
@@ -1184,9 +1185,9 @@ void shuffle(char *string, char *delim)
   shuffleArray(array, len);
   string[0] = 0;
   for (size_t i = 0; i < len; i++) {
-    strcat(string, array[i]);
+    strlcat(string, array[i], str_len);
     if (i != len - 1)
-      strcat(string, delim);
+      strlcat(string, delim, str_len);
   }
   free(work);
   string[strlen(string)] = 0;
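Review bot: The new parameter is named `str_len` but is handed to `strlcat` as the destination size, which has to include the terminating NUL. A caller that takes the name literally and passes `strlen(string)` would lose the last character of the rebuilt string. Renaming it to `string_siz`, or documenting it above `shuffle()` with `/* str_len: full size of the buffer behind string, including the NUL */`, removes the ambiguity. The trailing `string[strlen(string)] = 0;` is a no-op and could be dropped.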
@@ -1306,16 +1307,19 @@ char *step_thru_file(FILE *fd)
   }
 
   char tempBuf[1024] = "", *retStr = NULL;
+  size_t ret_siz = 0;
 
   while (!feof(fd)) {
     fgets(tempBuf, sizeof(tempBuf), fd);
     if (!feof(fd)) {
       if (retStr == NULL) {
-        retStr = (char *) my_calloc(1, strlen(tempBuf) + 2);
-        strcpy(retStr, tempBuf);
+        ret_siz = strlen(tempBuf) + 2;
+        retStr = (char *) my_calloc(1, ret_siz);
+        strlcpy(retStr, tempBuf, ret_siz);
       } else {
-        retStr = (char *) my_realloc(retStr, strlen(retStr) + strlen(tempBuf));
-        strcat(retStr, tempBuf);
+        ret_siz = strlen(retStr) + strlen(tempBuf);
+        retStr = (char *) my_realloc(retStr, ret_siz);
+        strlcat(retStr, tempBuf, ret_siz);
       }
       if (retStr[strlen(retStr)-1] == '\n') {
         retStr[strlen(retStr)-1] = 0;
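Review bot: In the append branch `ret_siz = strlen(retStr) + strlen(tempBuf);` leaves no room for the terminator, so `strlcat(retStr, tempBuf, ret_siz)` drops the final character of every appended chunk. When that character is the `'\n'`, the newline test just below fails and the loop goes on reading into the next line. The size should be `ret_siz = strlen(retStr) + strlen(tempBuf) + 1;`. The return value of `fgets` is also unchecked, so a failed read reuses whatever `tempBuf` held before. step_thru_file continues outside the hunk.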

+ 5 - 5
src/misc.h

@@ -15,7 +15,7 @@
 void restart(int);
 int coloridx(int);
 const char *color(int, int, int);
-void shuffle(char *, char *);
+void shuffle(char *, char *, size_t);
 void shuffleArray(char **, size_t);
 void showhelp(int, struct flag_record *, const char *);
 char *replace(const char *, const char *, const char *);
@@ -34,13 +34,13 @@ int remove_crlf_r(char *);
 char *newsplit(char **);
 char *splitnick(char **);
 void stridx(char *, char *, int);
-void daysago(time_t, time_t, char *);
-void days(time_t, time_t, char *);
-void daysdur(time_t, time_t, char *);
+void daysago(time_t, time_t, char *, size_t);
+void days(time_t, time_t, char *, size_t);
+void daysdur(time_t, time_t, char *, size_t);
 void show_motd(int);
 void show_channels(int, char *);
 void show_banner(int);
-void make_rand_str(char *, size_t);
+void make_rand_str(char *, size_t, bool = 1);
 char *str_escape(const char *, const char, const char);
 char *strchr_unescape(char *, const char, register const char);
 void str_unescape(char *, register const char);

+ 11 - 9
src/mod/channels.mod/channels.c

@@ -568,7 +568,7 @@ static void set_mode_protect(struct chanset_t *chan, char *set)
       if (pos) {
 	s1 = newsplit(&set);
 	if (s1[0])
-	  strcpy(chan->key_prot, s1);
+	  strlcpy(chan->key_prot, s1, sizeof(chan->key_prot));
       }
       break;
     }
@@ -652,8 +652,8 @@ static void get_mode_protect(struct chanset_t *chan, char *s)
   *p = 0;
   if (s1[0]) {
     s1[strlen(s1) - 1] = 0;
-    strcat(s, " ");
-    strcat(s, s1);
+    strlcat(s, " ", sizeof(s));
+    strlcat(s, s1, sizeof(s));
   }
 }
 
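Review bot: `s` is the `char *s` parameter of `get_mode_protect` (see the hunk header), so `sizeof(s)` is the size of a pointer, not of the caller's buffer, and both `strlcat` calls will cut the mode string off after a few bytes. The function needs the buffer size from its caller, as `daysago()` and its siblings now get: add a `size_t ssiz` parameter, use `strlcat(s, " ", ssiz);` and `strlcat(s, s1, ssiz);`, and pass `sizeof(s2)` from `channels_report`. The start of the function is outside this hunk, so earlier writes to `s` may need the same bound.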
@@ -772,10 +772,12 @@ static int channels_chon(char *handle, int idx)
       }
       if (!chan)
 	chan = chanset;
+
+      struct chat_info dummy;
       if (chan)
-	strcpy(dcc[idx].u.chat->con_chan, chan->dname);
+	strlcpy(dcc[idx].u.chat->con_chan, chan->dname, sizeof(dummy.con_chan));
       else
-	strcpy(dcc[idx].u.chat->con_chan, "*");
+	strlcpy(dcc[idx].u.chat->con_chan, "*", 2);
     }
   }
   return 0;
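Review bot: Style: the `struct chat_info dummy;` local exists only to feed `sizeof`. Since `sizeof` does not evaluate its operand, `sizeof(dcc[idx].u.chat->con_chan)` gives the same value without an unused object on the stack, and the literal `2` in `strlcpy(dcc[idx].u.chat->con_chan, "*", 2)` could use the same expression. The `dummy` pattern appears again in `console_gotshare` and `console_chon` in src/mod/console.mod/console.c, and the literal `2` again in `mns_chan`.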
@@ -801,17 +803,17 @@ void channels_report(int idx, int details)
       s[0] = 0;
 
       if (chan_bitch(chan))
-	strcat(s, "bitch, ");
+	strlcat(s, "bitch, ", sizeof(s));
       if (s[0])
 	s[strlen(s) - 2] = 0;
       if (!s[0])
-	strcpy(s, "lurking");
+	strlcpy(s, "lurking", sizeof(s));
       get_mode_protect(chan, s2);
       if (channel_closed(chan)) {
         if (chan->closed_invite)
-          strcat(s2, "i");
+          strlcat(s2, "i", sizeof(s2));
         if (chan->closed_private)
-          strcat(s2, "p");
+          strlcat(s2, "p", sizeof(s2));
       }
 
       if (shouldjoin(chan)) {

+ 32 - 32
src/mod/channels.mod/cmdschan.c

@@ -528,7 +528,7 @@ static void cmd_slowjoin(int idx, char *par)
     return;
   }
 
-  egg_snprintf(buf, sizeof(buf), "+inactive addedby %s addedts %li", dcc[idx].nick, (long)now);
+  simple_snprintf(buf, sizeof(buf), "+inactive addedby %s addedts %li", dcc[idx].nick, (long)now);
 
   if (par[0])
     strlcat(buf, par, sizeof(buf));
@@ -934,9 +934,9 @@ static void pls_chan(int idx, char *par, char *bot)
   chname = newsplit(&par);
   simple_snprintf(buf, sizeof(buf), "cjoin %s %s", chname, bot ? bot : "*");		/* +chan makes all bots join */
   if (par[0]) {
-    strcat(buf, " ");
-    strcat(buf, par);
-    strcat(buf, " ");
+    strlcat(buf, " ", sizeof(buf));
+    strlcat(buf, par, sizeof(buf));
+    strlcat(buf, " ", sizeof(buf));
   }
     
   if (!bot && findchan_by_dname(chname)) {
@@ -963,10 +963,10 @@ static void pls_chan(int idx, char *par, char *bot)
       if (!bot) {
         char tmp[51] = "";
 
-        egg_snprintf(tmp, sizeof(tmp), "addedby %s addedts %li", dcc[idx].nick, (long) now);
+        simple_snprintf(tmp, sizeof(tmp), "addedby %s addedts %li", dcc[idx].nick, (long) now);
         if (buf[0]) {
-          strcat(buf, " ");
-          strcat(buf, tmp);
+          strlcat(buf, " ", sizeof(buf));
+          strlcat(buf, tmp, sizeof(buf));
         }
         do_chanset(NULL, chan, buf[0] ? buf : tmp, DO_LOCAL);
         dprintf(idx, "Channel %s added to the botnet.\n", chname);
@@ -1040,7 +1040,7 @@ static void mns_chan(int idx, char *par, char *bot)
       if (dcc[i].type && (dcc[i].type->flags & DCT_CHAT) && 
           !rfc_casecmp(dcc[i].u.chat->con_chan, chan->dname)) {
         dprintf(i, "%s is no longer a valid channel, changing your console to '*'\n", chname);
-        strcpy(dcc[i].u.chat->con_chan, "*");
+        strlcpy(dcc[i].u.chat->con_chan, "*", 2);
         console_dostore(i, 0);
       }
     }
@@ -1081,7 +1081,7 @@ static void cmd_botpart(int idx, char *par)
 
 /* thanks Excelsior */
 #define FLAG_COLS 4
-void show_flag(int idx, char *work, int *cnt, const char *name, unsigned int state)
+static void show_flag(int idx, char *work, int *cnt, const char *name, unsigned int state, size_t worksiz)
 {
   char tmp[101] = "", chr_state[15] = "";
   /* empty buffer if no (char *) name */
@@ -1092,26 +1092,26 @@ void show_flag(int idx, char *work, int *cnt, const char *name, unsigned int sta
     work[0] = 0;
   }
   if (!work[0])
-    simple_sprintf(work, "  ");
+    strlcpy(work, "  ", 3);
   if (name && name[0]) {
     chr_state[0] = 0;
     if (state) {
-      strcat(chr_state, GREEN(idx));
-      strcat(chr_state, "+");
+      strlcat(chr_state, GREEN(idx), sizeof(chr_state));
+      strlcat(chr_state, "+", sizeof(chr_state));
     } else {
-      strcat(chr_state, RED(idx));
-      strcat(chr_state, "-");
+      strlcat(chr_state, RED(idx), sizeof(chr_state));
+      strlcat(chr_state, "-", sizeof(chr_state));
     }
-    strcat(chr_state, COLOR_END(idx));
+    strlcat(chr_state, COLOR_END(idx), sizeof(chr_state));
     egg_snprintf(tmp, sizeof tmp, "%s%-17s", chr_state, name);
-    strcat(work, tmp);
+    strlcat(work, tmp, sizeof(work));
   }
   if (*cnt >= FLAG_COLS)
     dprintf(idx, "%s\n", work);
 }
 
 #define INT_COLS 1
-void show_int(int idx, char *work, int *cnt, const char *desc, int state, const char *yes, const char *no)
+static void show_int(int idx, char *work, int *cnt, const char *desc, int state, const char *yes, const char *no, size_t worksiz)
 {
   char tmp[101] = "", chr_state[101] = "";
 
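Review bot: In `show_flag` the final append is `strlcat(work, tmp, sizeof(work));`, but `work` is a `char *` parameter, so the bound is the size of a pointer and little or nothing of `tmp` gets appended; the new `worksiz` argument is never used in this function. The line should read `strlcat(work, tmp, worksiz);`, as the matching line in `show_int` does. `strlcpy(work, "  ", 3)` here and in `show_int` could take `worksiz` as well instead of the literal.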
@@ -1124,35 +1124,35 @@ void show_int(int idx, char *work, int *cnt, const char *desc, int state, const
     work[0] = 0;
   }
   if (!work[0])
-    simple_sprintf(work, "  ");
+    strlcpy(work, "  ", 3);
   /* need to make next line all one char, and then put it into %-30s */
   if (desc && desc[0]) {
     char tmp2[50] = "", tmp3[50] = "";
 
-    strcat(tmp2, BOLD(idx));
+    strlcat(tmp2, BOLD(idx), sizeof(tmp2));
     if (state && yes) {
-      strcat(tmp2, yes);
-      strcat(tmp3, " (");
-      strcat(tmp3, chr_state);
-      strcat(tmp3, ")");
+      strlcat(tmp2, yes, sizeof(tmp2));
+      strlcat(tmp3, " (", sizeof(tmp3));
+      strlcat(tmp3, chr_state, sizeof(tmp3));
+      strlcat(tmp3, ")", sizeof(tmp3));
     } else if (!state && no) {
-      strcat(tmp2, no);
-      strcat(tmp3, " (");
-      strcat(tmp3, chr_state);
-      strcat(tmp3, ")");
+      strlcat(tmp2, no, sizeof(tmp2));
+      strlcat(tmp3, " (", sizeof(tmp3));
+      strlcat(tmp3, chr_state, sizeof(tmp3));
+      strlcat(tmp3, ")", sizeof(tmp3));
     } else if ((state && !yes) || (!state && !no)) {
-      strcat(tmp2, chr_state);
+      strlcat(tmp2, chr_state, sizeof(tmp2));
     }
-    strcat(tmp2, BOLD_END(idx));
+    strlcat(tmp2, BOLD_END(idx), sizeof(tmp2));
     egg_snprintf(tmp, sizeof tmp, "%-30s %-20s %s", desc, tmp2, tmp3[0] ? tmp3 : "");
-    strcat(work, tmp);
+    strlcat(work, tmp, worksiz);
   }
   if (*cnt >= INT_COLS)
     dprintf(idx, "%s\n", work);
 }
 
-#define SHOW_FLAG(name, state) show_flag(idx, work, &cnt, name, state)
-#define SHOW_INT(desc, state, yes, no) show_int(idx, work, &cnt, desc, state, yes, no)
+#define SHOW_FLAG(name, state) show_flag(idx, work, &cnt, name, state, sizeof(work))
+#define SHOW_INT(desc, state, yes, no) show_int(idx, work, &cnt, desc, state, yes, no, sizeof(work))
 #define P_STR deflag == P_KICK ? "Kick" : (deflag == P_DEOP ? "Deop" : (deflag == P_DELETE ? "Remove" : NULL))
 #define F_STR chan->flood_exempt_mode == FLOOD_EXEMPT_OP ? "Op" : (chan->flood_exempt_mode == FLOOD_EXEMPT_VOICE ? "Voice" : NULL)
 static void cmd_chaninfo(int idx, char *par)

+ 8 - 8
src/mod/channels.mod/tclchan.c

@@ -106,7 +106,7 @@ static int FindElement(char *resultBuf, const char *list, size_t listLength,
                                 && (p2 < p+20)) {
                             p2++;
                         }
-                        sprintf(resultBuf, "list element in braces followed by \"%.*s\" instead of space", (int) (p2-p), p);
+//                        snprintf(resultBuf, RESULT_LEN, "list element in braces followed by \"%.*s\" instead of space", (int) (p2-p), p);
                     }
                     return ERROR;
                 }
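Review bot: The unbounded `sprintf` into `resultBuf` is commented out rather than bounded, here and in the quoted-element branch of the next hunk, so `FindElement` now returns `ERROR` without an error text and the `p2` scan above it is dead code. `RESULT_LEN` is already used for the result buffer in `channel_modify`, so if callers pass a buffer of that size the message can be kept: `egg_snprintf(resultBuf, RESULT_LEN, "list element in braces followed by \"%.*s\" instead of space", (int) (p2-p), p);`. Otherwise the commented line and the scan should be deleted together. The enclosing condition starts outside the hunk.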
@@ -163,7 +163,7 @@ static int FindElement(char *resultBuf, const char *list, size_t listLength,
                                  && (p2 < p+20)) {
                             p2++;
                         }
-                        sprintf(resultBuf, "list element in quotes followed by \"%.*s\" %s", (int) (p2-p), p, "instead of space");
+//                        sprintf(resultBuf, "list element in quotes followed by \"%.*s\" %s", (int) (p2-p), p, "instead of space");
                     }
                     return ERROR;
                 }
@@ -787,7 +787,7 @@ int channel_modify(char *result, struct chanset_t *chan, int items, char **item,
     }
   }
   if (result && result[0] && result_extra[0])
-    strcat(result, result_extra);
+    strlcat(result, result_extra, RESULT_LEN);
 
   if (error)
     return ERROR;
@@ -886,11 +886,11 @@ int channel_add(char *result, char *newname, char *options)
   char buf[3001] = "";
 
   simple_snprintf(buf, sizeof(buf), "chanmode { %s } ", glob_chanmode);
-  strcat(buf, def_chanset);
-  strcat(buf, " ");
-  strcat(buf, glob_chanset);
-  strcat(buf, " ");
-  strcat(buf, options);
+  strlcat(buf, def_chanset, sizeof(buf));
+  strlcat(buf, " ", sizeof(buf));
+  strlcat(buf, glob_chanset, sizeof(buf));
+  strlcat(buf, " ", sizeof(buf));
+  strlcat(buf, options, sizeof(buf));
   buf[strlen(buf)] = 0;
 
   if (SplitList(result, buf, &items, &item) != OK)

+ 21 - 21
src/mod/channels.mod/userchan.c

@@ -309,7 +309,7 @@ int u_delmask(char type, struct chanset_t *c, char *who, int doit)
  */
 bool u_addmask(char type, struct chanset_t *chan, char *who, char *from, char *note, time_t expire_time, int flags)
 {
-  char host[1024] = "", s[1024] = "";
+  char host[UHOSTLEN] = "", s[UHOSTLEN] = "";
   maskrec *p = NULL, *l = NULL, **u = NULL;
 
   if (type == 'b')
@@ -319,19 +319,19 @@ bool u_addmask(char type, struct chanset_t *chan, char *who, char *from, char *n
   else if (type == 'I')
     u = chan ? &chan->invites : &global_invites;
 
-  strcpy(host, who);
+  strlcpy(host, who, sizeof(host));
   /* Choke check: fix broken bans (must have '!' and '@') */
   if ((strchr(host, '!') == NULL) && (strchr(host, '@') == NULL))
-    strcat(host, "!*@*");
+    strlcat(host, "!*@*", sizeof(host));
   else if (strchr(host, '@') == NULL)
-    strcat(host, "@*");
+    strlcat(host, "@*", sizeof(host));
   else if (strchr(host, '!') == NULL) {
     char *i = strchr(host, '@');
 
-    strcpy(s, i);
+    strlcpy(s, i, sizeof(s));
     *i = 0;
-    strcat(host, "!*");
-    strcat(host, s);
+    strlcat(host, "!*", sizeof(host));
+    strlcat(host, s, sizeof(host));
   }
     if (conf.bot->hub)
       simple_snprintf(s, sizeof(s), "%s!%s@%s", origbotname, botuser, conf.bot->net.host);
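Review bot: `host` and `s` shrink from 1024 bytes to `UHOSTLEN`, and `strlcpy(host, who, sizeof(host))` together with the `strlcat` fix-ups now cuts an over-long mask silently. A truncated ban, exempt or invite mask is a different pattern from the one requested and may match other users, so refusing it is safer than storing it. strlcpy returns the source length, which allows `if (strlcpy(host, who, sizeof(host)) >= sizeof(host)) return 0;` (assuming a false return means the mask was not added; the rest of u_addmask is outside the hunk). The appended `"!*@*"`, `"@*"` and `"!*"` need the same room check.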
@@ -406,27 +406,27 @@ static void display_mask(const char type, int idx, int number, maskrec *mask, st
   const char *str_type = (type == 'b' ? "BAN" : type == 'e' ? "EXEMPT" : "INVITE");
 
   if (mask->added) {
-    daysago(now, mask->added, s);
+    daysago(now, mask->added, s, sizeof(s));
     simple_snprintf(dates, sizeof(dates), "Created %s", s);
     if (mask->added < mask->lastactive) {
-      strcat(dates, ", ");
-      strcat(dates, "last used");
-      strcat(dates, " ");
-      daysago(now, mask->lastactive, s);
-      strcat(dates, s);
+      strlcat(dates, ", ", sizeof(dates));
+      strlcat(dates, "last used", sizeof(dates));
+      strlcat(dates, " ", sizeof(dates));
+      daysago(now, mask->lastactive, s, sizeof(s));
+      strlcat(dates, s, sizeof(dates));
     }
   } else
     dates[0] = 0;
   if (mask->flags & MASKREC_PERM)
-    strcpy(s, "(perm)");
+    strlcpy(s, "(perm)", sizeof(s));
   else {
     char s1[41] = "";
 
-    days(mask->expire, now, s1);
+    days(mask->expire, now, s1, sizeof(s1));
     simple_snprintf(s, sizeof(s), "(expires %s)", s1);
   }
   if (mask->flags & MASKREC_STICKY)
-    strcat(s, " (sticky)");
+    strlcat(s, " (sticky)", sizeof(s));
 
   /* always show mask on hubs */
   if (!chan || ischanmask(type, chan, mask->mask) || conf.bot->hub) {
@@ -533,7 +533,7 @@ static void tell_masks(const char type, int idx, bool show_inact, char *match, b
       for (ml = channel_list; ml && ml->mask[0]; ml = ml->next) {    
 	if ((!u_equals_mask(global_masks, ml->mask)) &&
 	    (!u_equals_mask(chan_masks, ml->mask))) {
-	  strcpy(s, ml->who);
+	  strlcpy(s, ml->who, sizeof(s));
 	  s2 = s;
 	  s1 = splitnick(&s2);
 	  if (s1[0])
@@ -543,8 +543,8 @@ static void tell_masks(const char type, int idx, bool show_inact, char *match, b
 	  if (ml->timer != 0) {
 	    min = (now - ml->timer) / 60;
 	    sec = (now - ml->timer) - (min * 60);
-	    sprintf(s, " (active %02d:%02d)", min, sec);
-	    strcat(fill, s);
+	    egg_snprintf(s, sizeof(s), " (active %02d:%02d)", min, sec);
+	    strlcat(fill, s, sizeof(fill));
 	  }
 	  if ((!match[0]) || (wild_match(match, ml->mask)))
 	    dprintf(idx, "* [%3d] %s\n", k, fill);
@@ -931,7 +931,7 @@ void channels_writeuserfile(bool old)
   int  ret = 0;
 
   putlog(LOG_DEBUG, "@", "Writing channel/ban/exempt/invite entries.");
-  simple_sprintf(s, "%s~new", userfile);
+  simple_snprintf(s, sizeof(s), "%s~new", userfile);
   f = fopen(s, "a");
   if (f) {
     if (!old)
@@ -964,7 +964,7 @@ bool expired_mask(struct chanset_t *chan, char *who)
   char buf[UHOSTLEN] = "", *snick = NULL, *sfrom = NULL;
   struct userrec *u = NULL;
 
-  strcpy(buf, who);
+  strlcpy(buf, who, sizeof(buf));
   sfrom = buf;
   snick = splitnick(&sfrom);
 

+ 6 - 3
src/mod/console.mod/console.c

@@ -179,11 +179,12 @@ console_gotshare(struct userrec *u, struct user_entry *e, char *par, int idx)
   ci->whom = atoi(arg);
 
   e->u.extra = ci;
+  struct chat_info dummy;
   /* now let's propogate to the dcc list */
   for (int i = 0; i < dcc_total; i++) {
     if (dcc[i].type && (dcc[i].type == &DCC_CHAT) && !strcmp(dcc[i].user->handle, u->handle)) {
       if (ci->channel && ci->channel[0])
-        strcpy(dcc[i].u.chat->con_chan, ci->channel);
+        strlcpy(dcc[i].u.chat->con_chan, ci->channel, sizeof(dummy.con_chan));
       dcc[i].u.chat->con_flags = ci->conflags;
       dcc[i].u.chat->strip_flags = ci->stripflags;
       if (ci->echoflags)
@@ -260,8 +261,10 @@ console_chon(char *handle, int idx)
     struct console_info *i = (struct console_info *) get_user(&USERENTRY_CONSOLE, dcc[idx].user);
 
     if (i) {
-      if (i->channel && i->channel[0])
-        strcpy(dcc[idx].u.chat->con_chan, i->channel);
+      if (i->channel && i->channel[0]) {
+        struct chat_info dummy;
+        strlcpy(dcc[idx].u.chat->con_chan, i->channel, sizeof(dummy.con_chan));
+      }
       dcc[idx].u.chat->con_flags = i->conflags;
       dcc[idx].u.chat->strip_flags = i->stripflags;
       if (i->echoflags)

+ 102 - 108
src/mod/ctcp.mod/ctcp.c

@@ -73,29 +73,27 @@ void scriptchanged()
   switch (cloak_script) {
   case CLOAK_PLAIN:
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "\002BitchX-%s\002 by panasync - %s %s : \002Keep it to yourself!\002", cloak_bxver, cloak_os, cloak_osver);
-    strcpy(ctcpuserinfo, "");
-    strcpy(autoaway, "Auto-Away after 10 mins");
-    strcpy(kickprefix, "");
-    strcpy(bankickprefix, "");
+    ctcpuserinfo[0] = kickprefix[0] = bankickprefix[0] = 0;
+    strlcpy(autoaway, "Auto-Away after 10 mins", sizeof(autoaway));
     break;
   case CLOAK_CRACKROCK:
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "BitchX-%s\002/\002%s %s:(\002c\002)\037rackrock\037/\002b\002X \037[\0373.0.1á9\037]\037 :\002 Keep it to yourself!\002", cloak_bxver, cloak_os, cloak_osver);
-    strcpy(ctcpuserinfo, "crack addict, help me.");
-    strcpy(autoaway, "automatically dead");
-    strcpy(kickprefix, "\002c\002/\037k\037: ");
-    strcpy(bankickprefix, "\002c\002/\037kb\037: ");
+    strlcpy(ctcpuserinfo, "crack addict, help me.", sizeof(ctcpuserinfo));
+    strlcpy(autoaway, "automatically dead", sizeof(autoaway));
+    strlcpy(kickprefix, "\002c\002/\037k\037: ", sizeof(kickprefix));
+    strlcpy(bankickprefix, "\002c\002/\037kb\037: ", sizeof(bankickprefix));
     break;
   case CLOAK_NEONAPPLE:
     simple_snprintf(tmp, sizeof(tmp), "%s %s", cloak_os, cloak_osver);
     strtolower(tmp);
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "bitchx-%s\037(\037%s\037):\037 \002n\002eon\037a\037ppl\002e\002\037/\037\002v\0020\037.\03714i : \002d\002ont you wish you had it\037?\037", cloak_bxver, tmp);
-    strcpy(ctcpuserinfo, "neon apple");
-    strcpy(autoaway, "automatically away after 10 mins \037(\037\002n\002/\037a)\037");
-    strcpy(kickprefix, "\037[na\002(\037k\037)\002]\037 ");
-    strcpy(bankickprefix, "");
+    strlcpy(ctcpuserinfo, "neon apple", sizeof(ctcpuserinfo));
+    strlcpy(autoaway, "automatically away after 10 mins \037(\037\002n\002/\037a)\037", sizeof(autoaway));
+    strlcpy(kickprefix, "\037[na\002(\037k\037)\002]\037 ", sizeof(kickprefix));
+    bankickprefix[0] = 0;
     break;
   case CLOAK_TUNNELVISION:
-    strcpy(tmp, cloak_bxver);
+    strlcpy(tmp, cloak_bxver, sizeof(tmp));
     p = tmp;
     p += strlen(tmp) - 1;
     p[1] = p[0];
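Review bot: In the `CLOAK_TUNNELVISION` case `strlcpy(tmp, cloak_bxver, sizeof(tmp))` may fill `tmp` completely, and the in-place edits that follow (`p[1] = p[0]` here, `p[2]` and `p[3]` in the next hunk) would then write up to two bytes past the array. Copying with a smaller bound leaves the room those writes need: `strlcpy(tmp, cloak_bxver, sizeof(tmp) - 2);`. An empty `cloak_bxver` would also put `p` at `tmp - 1`, so the edits should be guarded with `if (tmp[0])`. The declaration of `tmp` is outside the hunk.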
@@ -103,53 +101,49 @@ void scriptchanged()
     p[2] = '\037';
     p[3] = 0;
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "\002b\002itchx-%s :tunnel\002vision\002/\0371.2\037", tmp);
-    strcpy(ctcpuserinfo, "");
-    strcpy(autoaway, "auto-gone");
-    strcpy(kickprefix, "");
-    strcpy(bankickprefix, "");
+    ctcpuserinfo[0] = kickprefix[0] = bankickprefix[0] = 0;
+    strlcpy(autoaway, "auto-gone", sizeof(autoaway));
     break;
   case CLOAK_ARGON:
     simple_snprintf(ctcpversion, sizeof(ctcpversion), ".\037.(\037argon\002/\0021g\037)\037 \002:\002bitchx-%s", cloak_bxver);
-    strcpy(ctcpuserinfo, "");
-    strcpy(autoaway, "\037(\037ar\037)\037 auto-away \037(\03710m\037)\037");
-    strcpy(kickprefix, "\037(\037ar\037)\037 ");
-    strcpy(bankickprefix, "\037(\037ar\037)\037 ");
+    ctcpuserinfo[0] = 0;
+    strlcpy(autoaway, "\037(\037ar\037)\037 auto-away \037(\03710m\037)\037", sizeof(autoaway));
+    strlcpy(kickprefix, "\037(\037ar\037)\037 ", sizeof(kickprefix));
+    strlcpy(bankickprefix, "\037(\037ar\037)\037 ", sizeof(bankickprefix));
     break;
   case CLOAK_EVOLVER:
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "\037evolver\037(\00202x9\002)\037: bitchx\037(\002%s\002) \037í\037 %s\002/\002%s : eye yam pheerable now!", cloak_bxver, cloak_os, cloak_osver);
-    strcpy(ctcpuserinfo, "");
-    strcpy(autoaway, "[\037\002i\002dle for \037[\03710 minutes\037]]");
-    strcpy(kickprefix, "\037ev\002!\002k\037 ");
-    strcpy(bankickprefix, "\037ev\002!\002bk\037 ");
+    ctcpuserinfo[0] = 0;
+    strlcpy(autoaway, "[\037\002i\002dle for \037[\03710 minutes\037]]", sizeof(autoaway));
+    strlcpy(kickprefix, "\037ev\002!\002k\037 ", sizeof(kickprefix));
+    strlcpy(bankickprefix, "\037ev\002!\002bk\037 ", sizeof(bankickprefix));
     break;
   case CLOAK_PREVAIL:
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "%s\037!\037%s bitchx-%s \002-\002 prevail\037[\0370123\037]\037 :down with people", cloak_os, cloak_osver, cloak_bxver);
-    strcpy(ctcpuserinfo, botrealname);
-    strcpy(autoaway, "idle 10 minutes \037-\037 gone\037!\037");
-    strcpy(kickprefix, "\037[\037pv\037!\037k\037]\037 ");
-    strcpy(bankickprefix, "\037[\037pv\037!\037bk\037]\037 ");
+    strlcpy(ctcpuserinfo, botrealname, sizeof(ctcpuserinfo));
+    strlcpy(autoaway, "idle 10 minutes \037-\037 gone\037!\037", sizeof(autoaway));
+    strlcpy(kickprefix, "\037[\037pv\037!\037k\037]\037 ", sizeof(kickprefix));
+    strlcpy(bankickprefix, "\037[\037pv\037!\037bk\037]\037 ", sizeof(bankickprefix));
     break;
   case CLOAK_MIRC:
   {
     char mircver[5] = "";
    
-    strcpy(mircver, response(RES_MIRCVER));
+    strlcpy(mircver, response(RES_MIRCVER), sizeof(mircver));
     simple_snprintf(ctcpversion, sizeof(ctcpversion), "mIRC v%s Khaled Mardam-Bey", mircver);
     if (randint(2) % 2)
       strlcpy(ctcpversion2, response(RES_MIRCSCRIPT), sizeof(ctcpversion2));
-    strcpy(ctcpuserinfo, botrealname);
-    strcpy(autoaway, "auto-away after 10 minutes");
-    strcpy(kickprefix, "");
-    strcpy(bankickprefix, "");
+    strlcpy(ctcpuserinfo, botrealname, sizeof(ctcpuserinfo));
+    strlcpy(autoaway, "auto-away after 10 minutes", sizeof(autoaway));
+    kickprefix[0] = bankickprefix[0] = 0;
     break;
   }
   case CLOAK_OTHER:
   {
-    strcpy(ctcpversion, response(RES_OTHERSCRIPT));
-    strcpy(ctcpuserinfo, botrealname);
-    strcpy(autoaway, "auto-away after 10 minutes");
-    strcpy(kickprefix, "");
-    strcpy(bankickprefix, "");
+    strlcpy(ctcpversion, response(RES_OTHERSCRIPT), sizeof(ctcpversion));
+    strlcpy(ctcpuserinfo, botrealname, sizeof(ctcpuserinfo));
+    strlcpy(autoaway, "auto-away after 10 minutes", sizeof(autoaway));
+    kickprefix[0] = bankickprefix[0];
     break;
   }
   case CLOAK_CYPRESS:
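Review bot: In the `CLOAK_OTHER` case the line `kickprefix[0] = bankickprefix[0];` is missing the `= 0`, so neither prefix is cleared: `bankickprefix` keeps whatever the previous cloak script set and `kickprefix` only has its first byte overwritten with that value. The removed code emptied both strings, and the other cases use `kickprefix[0] = bankickprefix[0] = 0;`, which is what this line should be. Separately, `strlcpy(mircver, response(RES_MIRCVER), sizeof(mircver))` with `char mircver[5]` keeps at most four characters of the version; if longer strings are possible the buffer should grow.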
@@ -158,67 +152,67 @@ void scriptchanged()
 
     switch (randint(25)) { /* 0-19 = script, 20-24 = plain */
     case 0:
-      strcpy(theme, " \037.\037.\002BX\002");
+      strlcpy(theme, " \037.\037.\002BX\002", sizeof(theme));
       break;
     case 1:
-      strcpy(theme, " \037.\037.chl\037o\037rine");
+      strlcpy(theme, " \037.\037.chl\037o\037rine", sizeof(theme));
       break;
     case 2:
-      strcpy(theme, " \037.\037.\037<\037c\002x\002\037>\037");
+      strlcpy(theme, " \037.\037.\037<\037c\002x\002\037>\037", sizeof(theme));
       break;
     case 3:
-      strcpy(theme, " \037.\037.supercyan");
+      strlcpy(theme, " \037.\037.supercyan", sizeof(theme));
       break;
     case 4:
-      strcpy(theme, " \037.\037.\037c\037yan\002i\002\002\037z\037\002\037e\037d");
+      strlcpy(theme, " \037.\037.\037c\037yan\002i\002\002\037z\037\002\037e\037d", sizeof(theme));
       break;
     case 5:
-      strcpy(theme, " \037.\037.delusion");
+      strlcpy(theme, " \037.\037.delusion", sizeof(theme));
       break;
     case 6:
-      strcpy(theme, " \037.\037.\002e\002mbryonic");
+      strlcpy(theme, " \037.\037.\002e\002mbryonic", sizeof(theme));
       break;
     case 7:
-      strcpy(theme, " \037.\037.e\002x\002tra\037.\037terrestr\037i\037al");
+      strlcpy(theme, " \037.\037.e\002x\002tra\037.\037terrestr\037i\037al", sizeof(theme));
       break;
     case 8:
-      strcpy(theme, " \037.\037.\002f\002ad\037e\037d");
+      strlcpy(theme, " \037.\037.\002f\002ad\037e\037d", sizeof(theme));
       break;
     case 9:
-      strcpy(theme, " \037.\037.fo\037c\037us");
+      strlcpy(theme, " \037.\037.fo\037c\037us", sizeof(theme));
       break;
     case 10:
-      strcpy(theme, " \037.\037.\002h\002ade\037s\037");
+      strlcpy(theme, " \037.\037.\002h\002ade\037s\037", sizeof(theme));
       break;
     case 11:
-      strcpy(theme, " \037.\037.hellbent\037.\037");
+      strlcpy(theme, " \037.\037.hellbent\037.\037", sizeof(theme));
       break;
     case 12:
-      strcpy(theme, " \037.\037.illusi\037o\037n");
+      strlcpy(theme, " \037.\037.illusi\037o\037n", sizeof(theme));
       break;
     case 13:
-      strcpy(theme, " \037.\037.\037j\037ungl\037e\037");
+      strlcpy(theme, " \037.\037.\037j\037ungl\037e\037", sizeof(theme));
       break;
     case 14:
-      strcpy(theme, " \037.\037.\002l\002abry\037i\037nth");
+      strlcpy(theme, " \037.\037.\002l\002abry\037i\037nth", sizeof(theme));
       break;
     case 15:
-      strcpy(theme, " \037.\037.nightblue");
+      strlcpy(theme, " \037.\037.nightblue", sizeof(theme));
       break;
     case 16:
-      strcpy(theme, " \037.\037.\037o\037bli\037v\037io\037n\037");
+      strlcpy(theme, " \037.\037.\037o\037bli\037v\037io\037n\037", sizeof(theme));
       break;
     case 17:
-      strcpy(theme, " \037.\037.ph\002a\002ze");
+      strlcpy(theme, " \037.\037.ph\002a\002ze", sizeof(theme));
       break;
     case 18:
-      strcpy(theme, " \037.\037.sphere");
+      strlcpy(theme, " \037.\037.sphere", sizeof(theme));
       break;
     case 19:
-      strcpy(theme, " \037.\037.zip");
+      strlcpy(theme, " \037.\037.zip", sizeof(theme));
       break;
     default:
-      strcpy(theme, "");
+      theme[0] = 0;
       break;
     }
     switch (randint(16)) {
@@ -287,10 +281,10 @@ void scriptchanged()
       simple_snprintf(ctcpversion, sizeof(ctcpversion), "cypress\037.\03701i\037/\037bx%s \037(\037%s\037)\037", cloak_bxver, theme);
       break;
     }
-    strcpy(ctcpuserinfo, "");
-    strcpy(autoaway, "autoaway after 40 min");
-    strcpy(kickprefix, "\002.\002.\037(\037\002c\002yp\002/\002k\037)\037 ");
-    strcpy(bankickprefix, "\002.\002.\037(\037\002c\002yp\002/\002bk\037)\037 ");
+    ctcpuserinfo[0] = 0;
+    strlcpy(autoaway, "autoaway after 40 min", sizeof(autoaway));
+    strlcpy(kickprefix, "\002.\002.\037(\037\002c\002yp\002/\002k\037)\037 ", sizeof(kickprefix));
+    strlcpy(bankickprefix, "\002.\002.\037(\037\002c\002yp\002/\002bk\037)\037 ", sizeof(bankickprefix));
     break;
   }
   }
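Review bot: The hand-written terminator this commit switches to for emptying a buffer, `ctcpuserinfo[0] = 0;` in this hunk, is mistyped in the CLOAK_OTHER case earlier in this file's diff, which reads `kickprefix[0] = bankickprefix[0];` with no trailing `= 0`. That line copies the first byte of bankickprefix into kickprefix and clears neither, so both prefixes keep whatever a previously selected cloak left in them. It should match the CLOAK_MIRC case: `kickprefix[0] = bankickprefix[0] = 0;`. The enclosing switch in scriptchanged() starts outside this hunk.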
@@ -445,28 +439,28 @@ static int ctcp_VERSION(char *nick, char *uhost, struct userrec *u, char *object
   if (cloak_script == CLOAK_CYPRESS) {
     switch (randint(8)) {
     case 0:
-      strcpy(s, " :should of put the glock down.");
+      strlcpy(s, " :should of put the glock down.", sizeof(s));
       break;
     case 1:
-      strcpy(s, " :hot damn, I didn't want to kill a man.");
+      strlcpy(s, " :hot damn, I didn't want to kill a man.", sizeof(s));
       break;
     case 2:
-      strcpy(s, " :check me and I'll check ya back.");
+      strlcpy(s, " :check me and I'll check ya back.", sizeof(s));
       break;
     case 3:
-      strcpy(s, " :put the blunt down just for a minute.");
+      strlcpy(s, " :put the blunt down just for a minute.", sizeof(s));
       break;
     case 4:
-      strcpy(s, " :tried to jack me, my homie got shot.");
+      strlcpy(s, " :tried to jack me, my homie got shot.", sizeof(s));
       break;
     case 5:
-      strcpy(s, " :insane in the membrane");
+      strlcpy(s, " :insane in the membrane", sizeof(s));
       break;
     case 6:
-      strcpy(s, " :slow hits from the bong");
+      strlcpy(s, " :slow hits from the bong", sizeof(s));
       break;
     case 7:
-      strcpy(s, " :k\002-\002leet");
+      strlcpy(s, " :k\002-\002leet", sizeof(s));
       break;
     }
   }
@@ -533,10 +527,10 @@ static int ctcp_INVITE_UNBAN(char *nick, char *uhost, struct userrec *u, char *o
 static int ctcp_USERINFO(char *nick, char *uhost, struct userrec *u, char *object, char *keyword, char *text)
 {
   if (cloak_script == CLOAK_TUNNELVISION)
-    strcpy(ctcpuserinfo, botname);
+    strlcpy(ctcpuserinfo, botname, sizeof(ctcpuserinfo));
   else if (cloak_script == CLOAK_PREVAIL) {
-    strcpy(ctcpuserinfo, botname);
-    strcat(ctcpuserinfo, " ?");
+    strlcpy(ctcpuserinfo, botname, sizeof(ctcpuserinfo));
+    strlcat(ctcpuserinfo, " ?", sizeof(ctcpuserinfo));
   }
   dprintf(DP_HELP, "NOTICE %s :\001%s %s\001\n", nick, keyword, ctcpuserinfo);
   return BIND_RET_BREAK;
@@ -550,53 +544,53 @@ static int ctcp_CLIENTINFO(char *nick, char *uhost, struct userrec *u, char *obj
   char buf[256] = "";
 
   if (!text[0]) {
-    strcpy(buf, "SED UTC ACTION DCC CDCC BDCC XDCC VERSION CLIENTINFO USERINFO ERRMSG FINGER TIME PING ECHO INVITE WHOAMI OP OPS UNBAN IDENT XLINK UPTIME :Use CLIENTINFO <COMMAND> to get more specific information");
+    strlcpy(buf, "SED UTC ACTION DCC CDCC BDCC XDCC VERSION CLIENTINFO USERINFO ERRMSG FINGER TIME PING ECHO INVITE WHOAMI OP OPS UNBAN IDENT XLINK UPTIME :Use CLIENTINFO <COMMAND> to get more specific information", sizeof(buf));
   } else if (!egg_strcasecmp(text, "UNBAN"))
-    strcpy(buf, "UNBAN unbans the person from channel");
+    strlcpy(buf, "UNBAN unbans the person from channel", sizeof(buf));
   else if (!egg_strcasecmp(text, "OPS"))
-    strcpy(buf, "OPS ops the person if on userlist");
+    strlcpy(buf, "OPS ops the person if on userlist", sizeof(buf));
   else if (!egg_strcasecmp(text, "ECHO"))
-    strcpy(buf, "ECHO returns the arguments it receives");
+    strlcpy(buf, "ECHO returns the arguments it receives", sizeof(buf));
   else if (!egg_strcasecmp(text, "WHOAMI"))
-    strcpy(buf, "WHOAMI user list information");
+    strlcpy(buf, "WHOAMI user list information", sizeof(buf));
   else if (!egg_strcasecmp(text, "INVITE"))
-    strcpy(buf, "INVITE invite to channel specified");
+    strlcpy(buf, "INVITE invite to channel specified", sizeof(buf));
   else if (!egg_strcasecmp(text, "PING"))
-    strcpy(buf, "PING returns the arguments it receives");
+    strlcpy(buf, "PING returns the arguments it receives", sizeof(buf));
   else if (!egg_strcasecmp(text, "UTC"))
-    strcpy(buf, "UTC substitutes the local timezone");
+    strlcpy(buf, "UTC substitutes the local timezone", sizeof(buf));
   else if (!egg_strcasecmp(text, "XDCC"))
-    strcpy(buf, "XDCC checks cdcc info for you");
+    strlcpy(buf, "XDCC checks cdcc info for you", sizeof(buf));
   else if (!egg_strcasecmp(text, "BDCC"))
-    strcpy(buf, "BDCC checks cdcc info for you");
+    strlcpy(buf, "BDCC checks cdcc info for you", sizeof(buf));
   else if (!egg_strcasecmp(text, "CDCC"))
-    strcpy(buf, "CDCC checks cdcc info for you");
+    strlcpy(buf, "CDCC checks cdcc info for you", sizeof(buf));
   else if (!egg_strcasecmp(text, "DCC"))
-    strcpy(buf, "DCC requests a direct_client_connection");
+    strlcpy(buf, "DCC requests a direct_client_connection", sizeof(buf));
   else if (!egg_strcasecmp(text, "ACTION"))
-    strcpy(buf, "ACTION contains action descriptions for atmosphere");
+    strlcpy(buf, "ACTION contains action descriptions for atmosphere", sizeof(buf));
   else if (!egg_strcasecmp(text, "FINGER"))
-    strcpy(buf, "FINGER shows real name, login name and idle time of user");
+    strlcpy(buf, "FINGER shows real name, login name and idle time of user", sizeof(buf));
   else if (!egg_strcasecmp(text, "ERRMSG"))
-    strcpy(buf, "ERRMSG returns error messages");
+    strlcpy(buf, "ERRMSG returns error messages", sizeof(buf));
   else if (!egg_strcasecmp(text, "USERINFO"))
-    strcpy(buf, "USERINFO returns user settable information");
+    strlcpy(buf, "USERINFO returns user settable information", sizeof(buf));
   else if (!egg_strcasecmp(text, "CLIENTINFO"))
-    strcpy(buf, "CLIENTINFO gives information about available CTCP commands");
+    strlcpy(buf, "CLIENTINFO gives information about available CTCP commands", sizeof(buf));
   else if (!egg_strcasecmp(text, "SED"))
-    strcpy(buf, "SED contains simple_encrypted_data");
+    strlcpy(buf, "SED contains simple_encrypted_data", sizeof(buf));
   else if (!egg_strcasecmp(text, "OP"))
-    strcpy(buf, "OP ops the person if on userlist");
+    strlcpy(buf, "OP ops the person if on userlist", sizeof(buf));
   else if (!egg_strcasecmp(text, "VERSION"))
-    strcpy(buf, "VERSION shows client type, version and environment");
+    strlcpy(buf, "VERSION shows client type, version and environment", sizeof(buf));
   else if (!egg_strcasecmp(text, "XLINK"))
-    strcpy(buf, "XLINK x-filez rule");
+    strlcpy(buf, "XLINK x-filez rule", sizeof(buf));
   else if (!egg_strcasecmp(text, "IDENT"))
-    strcpy(buf, "IDENT change userhost of userlist");
+    strlcpy(buf, "IDENT change userhost of userlist", sizeof(buf));
   else if (!egg_strcasecmp(text, "TIME"))
-    strcpy(buf, "TIME tells you the time on the user's host");
+    strlcpy(buf, "TIME tells you the time on the user's host", sizeof(buf));
   else if (!egg_strcasecmp(text, "UPTIME"))
-    strcpy(buf, "UPTIME my uptime");
+    strlcpy(buf, "UPTIME my uptime", sizeof(buf));
   else {
     dprintf(DP_HELP, "NOTICE %s :\001ERRMSG %s is not a valid function\001\n", nick, text);
     return BIND_RET_LOG;
@@ -680,15 +674,15 @@ void ctcp_init()
     /* shit, we have to come up with something ourselves.. */
     switch (randint(2)) {
     case 0:
-      strcpy(cloak_os, "Linux");
-      strcpy(cloak_osver, "2.6.18");
+      strlcpy(cloak_os, "Linux", sizeof(cloak_os));
+      strlcpy(cloak_osver, "2.6.25.5", sizeof(cloak_osver));
       break;
     case 1:
-      strcpy(cloak_os, "FreeBSD");
-      strcpy(cloak_osver, "6.2-p7");
+      strlcpy(cloak_os, "FreeBSD", sizeof(cloak_os));
+      strlcpy(cloak_osver, "7.0-p4", sizeof(cloak_osver));
       break;
     }
-    strcpy(cloak_host, "login");
+    strlcpy(cloak_host, "login", sizeof(cloak_host));
 #ifndef CYGWIN_HACKS
   }
 #endif /* !CYGWIN_HACKS */
@@ -697,16 +691,16 @@ void ctcp_init()
 
   switch (randint(4)) {
   case 0:
-    strcpy(cloak_bxver, "1.0c17");
+    strlcpy(cloak_bxver, "1.1-final", sizeof(cloak_bxver));
     break;
   case 1:
-    strcpy(cloak_bxver, "1.0c18");
+    strlcpy(cloak_bxver, "1.0c18", sizeof(cloak_bxver));
     break;
   case 2:
-    strcpy(cloak_bxver, "1.0c19");
+    strlcpy(cloak_bxver, "1.0c19", sizeof(cloak_bxver));
     break;
   case 3:
-    strcpy(cloak_bxver, "1.0c20cvs+");
+    strlcpy(cloak_bxver, "1.0c20cvs+", sizeof(cloak_bxver));
     break;
   }
   scriptchanged();

+ 41 - 39
src/mod/irc.mod/chan.c

@@ -462,33 +462,33 @@ static bool detect_chan_flood(char *floodnick, char *floodhost, char *from,
   case FLOOD_NOTICE:
     thr = chan->flood_pub_thr;
     lapse = chan->flood_pub_time;
-    strcpy(ftype, "pub");
+    strlcpy(ftype, "pub", sizeof(ftype));
     break;
   case FLOOD_CTCP:
     thr = chan->flood_ctcp_thr;
     lapse = chan->flood_ctcp_time;
-    strcpy(ftype, "pub");
+    strlcpy(ftype, "pub", sizeof(ftype));
     break;
   case FLOOD_NICK:
     thr = chan->flood_nick_thr;
     lapse = chan->flood_nick_time;
-    strcpy(ftype, "nick");
+    strlcpy(ftype, "nick", sizeof(ftype));
     break;
   case FLOOD_JOIN:
   case FLOOD_PART:
     thr = chan->flood_join_thr;
     lapse = chan->flood_join_time;
-      strcpy(ftype, "join");
+    strlcpy(ftype, "join", sizeof(ftype));
     break;
   case FLOOD_DEOP:
     thr = chan->flood_deop_thr;
     lapse = chan->flood_deop_time;
-    strcpy(ftype, "deop");
+    strlcpy(ftype, "deop", sizeof(ftype));
     break;
   case FLOOD_KICK:
     thr = chan->flood_kick_thr;
     lapse = chan->flood_kick_time;
-    strcpy(ftype, "kick");
+    strlcpy(ftype, "kick", sizeof(ftype));
     break;
   }
   if ((thr == 0) || (lapse == 0))
@@ -522,7 +522,7 @@ static bool detect_chan_flood(char *floodnick, char *floodhost, char *from,
     if (!rfc_casecmp(chan->deopd, victim))
       return 0;
     else
-      strcpy(chan->deopd, victim);
+      strlcpy(chan->deopd, victim, sizeof(chan->deopd));
   }
   chan->floodnum[which]++;
   if (chan->floodnum[which] >= thr) {	/* FLOOD */
@@ -563,7 +563,7 @@ static bool detect_chan_flood(char *floodnick, char *floodhost, char *from,
 	putlog(LOG_MISC | LOG_JOIN, chan->dname, "JOIN flood from @%s!  Banning.", p);
       else
 	putlog(LOG_MISC | LOG_JOIN, chan->dname, "NICK flood from @%s!  Banning.", p);
-      strcpy(ftype + 4, " flood");
+      strlcpy(ftype + 4, " flood", sizeof(ftype) - 4);
       u_addmask('b', chan, h, conf.bot->nick, ftype, now + (60 * chan->ban_time), 0);
       if (which == FLOOD_PART)
         add_mode(chan, '+', 'b', h);
@@ -1106,8 +1106,9 @@ void enforce_closed(struct chanset_t *chan) {
 inline static char *
 take_massopline(char *op, char **to_op)
 {
-  char *nicks = (char *) my_calloc(1, 151),
-       *modes = (char *) my_calloc(1, 31),
+  const size_t modes_len = 31, nicks_len = 151;
+  char *nicks = (char *) my_calloc(1, nicks_len),
+       *modes = (char *) my_calloc(1, modes_len),
        *nick = NULL;
   register bool useop = 0;
   static char ret[182] = "";
@@ -1122,17 +1123,17 @@ take_massopline(char *op, char **to_op)
       } else if (*to_op[0])
         nick = newsplit(to_op);
       if (nick) {
-        strcat(modes, "+o");
-        strcat(nicks, nick);
+        strlcat(modes, "+o", modes_len);
+        strlcat(nicks, nick, nicks_len);
         if (i != modesperline - 1)
-          strcat(nicks, " "); 
+          strlcat(nicks, " ", nicks_len);
       }
     }
   }
   
-  strcat(ret, modes);
-  strcat(ret, " ");
-  strcat(ret, nicks);
+  strlcat(ret, modes, sizeof(ret));
+  strlcat(ret, " ", sizeof(ret));
+  strlcat(ret, nicks, sizeof(ret));
   free(modes);
   free(nicks);
   
@@ -1150,21 +1151,21 @@ take_makeline(char *op, char *deops, unsigned int deopn, size_t deops_len)
   egg_memset(ret, 0, sizeof(ret));
   for (i = 0; i < n; i++) {
     if (opn && i == pos)
-      strcat(ret, "+o");
+      strlcat(ret, "+o", sizeof(ret));
     else if (deopn)
-      strcat(ret, "-o");
+      strlcat(ret, "-o", sizeof(ret));
   }
 
-  strcat(ret, " ");
+  strlcat(ret, " ", sizeof(ret));
 
   for (i = 0; i < n; i++) {
     if (opn && i == pos)
-      strcat(ret, op);
+      strlcat(ret, op, sizeof(ret));
     else if (deopn)
-      strcat(ret, newsplit(&deops));
+      strlcat(ret, newsplit(&deops), sizeof(ret));
 
     if (i != n - 1)
-      strcat(ret, " ");
+      strlcat(ret, " ", sizeof(ret));
   }
   return ret;  
 }
@@ -1191,8 +1192,8 @@ do_take(struct chanset_t *chan)
       }
     }
   }
-  shuffle(to_op, " ");
-  shuffle(to_deop, " ");
+  shuffle(to_op, " ", sizeof(to_op));
+  shuffle(to_deop, " ", sizeof(to_deop));
 
   size_t deops_len = 0;
   size_t work_len = 0;
@@ -1404,7 +1405,7 @@ static int got302(char *from, char *msg)
 #ifdef CACHE
   if ((cache = cache_find(nick))) {
     if (!cache->uhost[0])
-    strcpy(cache->uhost, uhost);
+    strlcpy(cache->uhost, uhost, sizeof(cache->uhost));
 
     if (!cache->handle[0]) {
       char s[UHOSTLEN] = "";
@@ -1412,7 +1413,7 @@ static int got302(char *from, char *msg)
 
       simple_snprintf(s, sizeof(s), "%s!%s", nick, uhost);
       if ((u = get_user_by_host(s)))
-        strcpy(cache->handle, u->handle);
+        strlcpy(cache->handle, u->handle, sizeof(cache->handle));
     }
     cache->timeval = now;
  
@@ -1694,7 +1695,7 @@ static int got352or4(struct chanset_t *chan, char *user, char *host, char *nick,
     m->user = NULL;
   }
   if (!m->nick[0])
-    strcpy(m->nick, nick);	/* Store the nick in list */
+    strlcpy(m->nick, nick, sizeof(m->nick));	/* Store the nick in list */
 
   m->hops = hops;
 
@@ -2293,8 +2294,9 @@ static void set_topic(struct chanset_t *chan, char *k)
   if (chan->channel.topic)
     free(chan->channel.topic);
   if (k && k[0]) {
-    chan->channel.topic = (char *) my_calloc(1, strlen(k) + 1);
-    strcpy(chan->channel.topic, k);
+    size_t tlen = strlen(k) + 1;
+    chan->channel.topic = (char *) my_calloc(1, tlen);
+    strlcpy(chan->channel.topic, k, tlen);
   } else
     chan->channel.topic = NULL;
 }
@@ -2406,7 +2408,7 @@ static int gotjoin(char *from, char *chname)
 
   char *nick = NULL, buf[UHOSTLEN] = "", *uhost = buf;
 
-  strcpy(uhost, from);
+  strlcpy(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
 
   if (!chan || (chan && !shouldjoin(chan))) {
@@ -2626,7 +2628,7 @@ static int gotpart(char *from, char *msg)
   fixcolon(msg);
   chan = findchan(chname);
 
-  strcpy(uhost, from);
+  strlcpy(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
 
   if (chan && !shouldjoin(chan) && match_my_nick(nick)) {
@@ -2706,7 +2708,7 @@ static int gotkick(char *from, char *origmsg)
     chan->channel.fighting++;
     fixcolon(msg);
     u = get_user_by_host(from);
-    strcpy(uhost, from);
+    strlcpy(uhost, from, sizeof(buf));
     whodid = splitnick(&uhost);
     detect_chan_flood(whodid, uhost, from, chan, FLOOD_KICK, nick);
 
@@ -2760,7 +2762,7 @@ static int gotnick(char *from, char *msg)
   memberlist *m = NULL, *mm = NULL;
   struct flag_record fr = {FR_GLOBAL | FR_CHAN, 0, 0, 0 };
 
-  strcpy(uhost, from);
+  strlcpy(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
   fixcolon(msg);
   irc_log(NULL, "[%s] Nick change: %s -> %s", samechans(nick, ","), nick, msg);
@@ -2791,7 +2793,7 @@ static int gotnick(char *from, char *msg)
 	  killmember(chan, mm->nick);
       }
 
-      strcpy(m->nick, msg);
+      strlcpy(m->nick, msg, sizeof(m->nick));
 
       /*
        * Banned?
@@ -2873,7 +2875,7 @@ static int gotquit(char *from, char *msg)
   char from2[NICKMAX + UHOSTMAX + 1] = "";
   struct userrec *u = NULL;
 
-  strcpy(from2,from);
+  strlcpy(from2, from, sizeof(from2));
   u = get_user_by_host(from2);
   nick = splitnick(&from);
   fixcolon(msg);
@@ -2965,7 +2967,7 @@ static int gotmsg(char *from, char *msg)
   struct flag_record fr = {FR_GLOBAL | FR_CHAN, 0, 0, 0 };
 
   fixcolon(msg);
-  strcpy(uhost, from);
+  strlcpy(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
 
   memberlist *m = ismember(chan, nick);
@@ -3016,7 +3018,7 @@ static int gotmsg(char *from, char *msg)
     if (*p == 1) {
       *p = 0;
       ctcp = buf2;
-      strcpy(ctcp, p1);
+      strlcpy(ctcp, p1, sizeof(buf2));
       strcpy(p1 - 1, p + 1);
       detect_chan_flood(nick, uhost, from, chan,
 			strncmp(ctcp, "ACTION ", 7) ?
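Review bot: The `strcpy(p1 - 1, p + 1);` left untouched on the line after the new strlcpy copies between two regions of what appears to be the same message buffer, and strcpy has undefined behaviour when source and destination overlap. Since the data comes from an incoming message, an overlap-safe move is the safer form: `memmove(p1 - 1, p + 1, strlen(p + 1) + 1);`. The same context line follows the converted copies in gotnotice() in this file and in gotmsg() and gotnotice() in src/mod/server.mod/servmsg.c. gotmsg() starts and ends outside this hunk.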
@@ -3125,7 +3127,7 @@ static int gotnotice(char *from, char *msg)
   struct flag_record fr = {FR_GLOBAL | FR_CHAN, 0, 0, 0 };
 
   fixcolon(msg);
-  strcpy(uhost, from);
+  strlcpy(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
   u = get_user_by_host(from);
   if (flood_ctcp.count && detect_avalanche(msg)) {
@@ -3163,7 +3165,7 @@ static int gotnotice(char *from, char *msg)
     if (*p == 1) {
       *p = 0;
       ctcp = buf2;
-      strcpy(ctcp, p1);
+      strlcpy(ctcp, p1, sizeof(buf2));
       strcpy(p1 - 1, p + 1);
       p = strchr(msg, 1);
       detect_chan_flood(nick, uhost, from, chan,

+ 4 - 4
src/mod/irc.mod/cmdsirc.c

@@ -1293,7 +1293,7 @@ static void cmd_find(int idx, char *par)
       for (m = chan->channel.member; m && m->nick[0]; m = m->next) {
         char s[UHOSTLEN] = "";
 
-        sprintf(s, "%s!%s", m->nick, m->userhost);
+        simple_snprintf(s, sizeof(s), "%s!%s", m->nick, m->userhost);
         if (!m->user && !m->tried_getuser) {
           m->user = get_user_by_host(s);
           if (!m->user && doresolv(chan) && m->userip[0]) {
@@ -1558,13 +1558,13 @@ static void cmd_channel(int idx, char *par)
         chanflag[0] = ' ';
 
       if (chan_issplit(m)) {
-        egg_snprintf(format, sizeof format, 
+        simple_snprintf(format, sizeof format, 
 			"%%c%%c%%-%us %%-%us %%s %%c     <- netsplit, %%lus\n", 
 			maxnicklen, maxhandlen);
 	dprintf(idx, format, chanflag[0],chanflag[1], m->nick, handle, s, atrflag,
 		now - (m->split));
       } else if (!rfc_casecmp(m->nick, botname)) {
-        egg_snprintf(format, sizeof format, 
+        simple_snprintf(format, sizeof format, 
 			"%%c%%c%%-%us %%-%us %%s %%c     <- it's me!\n", 
 			maxnicklen, maxhandlen);
 	dprintf(idx, format, chanflag[0], chanflag[1], m->nick, handle, s, atrflag);
@@ -1578,7 +1578,7 @@ static void cmd_channel(int idx, char *par)
 	  egg_snprintf(s1, sizeof s1, "%2dm", (int) ((now - (m->last)) / 60));
 	else
 	  strlcpy(s1, "   ", sizeof s1);
-	egg_snprintf(format, sizeof format, "%%c%%c%%-%us %%-%us %%s %%c   %%d %%s  %%s %%s\n", 
+	simple_snprintf(format, sizeof format, "%%c%%c%%-%us %%-%us %%s %%c   %%d %%s  %%s %%s\n", 
 			maxnicklen, maxhandlen);
 	dprintf(idx, format, chanflag[0], chanflag[1], m->nick,	handle, s, atrflag, m->hops,
                      s1, m->userhost, m->userip);

+ 9 - 9
src/mod/irc.mod/irc.c

@@ -197,7 +197,7 @@ static cache_t *cache_new(char *nick)
   cache_t *cache = (cache_t *) my_calloc(1, sizeof(cache_t));
 
   cache->next = NULL;
-  strcpy(cache->nick, nick);
+  strlcpy(cache->nick, nick, sizeof(cache->nick));
   cache->uhost[0] = 0;
   cache->handle[0] = 0;
 //  cache->user = NULL;
@@ -213,7 +213,7 @@ static cache_chan_t *cache_chan_add(cache_t *cache, char *chname)
   cache_chan_t *cchan = (cache_chan_t *) my_calloc(1, sizeof(cache_chan_t));
   
   cchan->next = NULL;
-  strcpy(cchan->dname, chname);
+  strlcpy(cchan->dname, chname, sizeof(cchan->dname));
   cchan->ban = 0;
   cchan->invite = 0;
   cchan->invited = 0;
@@ -301,14 +301,14 @@ static void cache_invite(struct chanset_t *chan, char *nick, char *host, char *h
     cache->uhost[0] = 0;
 
   if (host && !cache->uhost[0])
-    strcpy(cache->uhost, host);
+    strlcpy(cache->uhost, host, sizeof(cache->uhost));
 
   /* if we find they have a handle but it doesnt match the new handle, wipe it */
   if (handle && cache->handle[0] && egg_strcasecmp(cache->handle, handle))
     cache->handle[0] = 0;
 
   if (handle && !cache->handle[0])
-    strcpy(cache->handle, handle);
+    strlcpy(cache->handle, handle, sizeof(cache->handle));
 
   cache_chan_t *cchan = cache_chan_add(cache, chan->dname);
 
@@ -1015,9 +1015,9 @@ punish_badguy(struct chanset_t *chan, char *whobad,
     }
     /* ... or creating new user and setting that to deop */
     else {
-      strcpy(s1, whobad);
+      strlcpy(s1, whobad, sizeof(s1));
       maskhost(s1, s);
-      strcpy(s1, badnick);
+      strlcpy(s1, badnick, sizeof(s1));
       /* If that handle exists use "badX" (where X is an increasing number)
        * instead.
        */
@@ -1028,7 +1028,7 @@ punish_badguy(struct chanset_t *chan, char *whobad,
           i = atoi(s1 + 3);
           simple_snprintf(s1 + 3, sizeof(s1) - 3, "%d", i + 1);
         } else
-          strcpy(s1, "bad1");   /* Start with '1' */
+          strlcpy(s1, "bad1", sizeof(s1));   /* Start with '1' */
       }
       userlist = adduser(userlist, s1, s, "-", 0, 0);
       fr.match = FR_CHAN;
@@ -1592,7 +1592,7 @@ irc_report(int idx, int details)
   int k = 10;
   size_t len;
 
-  strcpy(q, "Channels: ");
+  strlcpy(q, "Channels: ", sizeof(q));
   for (struct chanset_t *chan = chanset; chan; chan = chan->next) {
     if (idx != DP_STDOUT)
       get_user_flagrec(dcc[idx].user, &fr, chan->dname, chan);
@@ -1614,7 +1614,7 @@ irc_report(int idx, int details)
       len = simple_snprintf(ch, sizeof(ch), "%s%s%s%s, ", chan->dname, p ? "(" : "", p ? p : "", p ? ")" : "");
       if ((k + len) > 70) {
         dprintf(idx, "    %s\n", q);
-        strcpy(q, "           ");
+        strlcpy(q, "           ", sizeof(q));
         k = 10;
       }
       k += my_strcpy(q + k, ch);

+ 9 - 7
src/mod/irc.mod/mode.c

@@ -433,7 +433,7 @@ real_add_mode(struct chanset_t *chan, const char plus, const char mode, const ch
         if (!chan->ccmode[i].op) {
           chan->ccmode[i].op = (char *) my_calloc(1, len);
           chan->cbytes += len;    /* Add 1 for safety */
-          strcpy(chan->ccmode[i].op, op);
+          strlcpy(chan->ccmode[i].op, op, len);
           break;
         }
     } else {
@@ -448,7 +448,7 @@ real_add_mode(struct chanset_t *chan, const char plus, const char mode, const ch
           chan->cmode[i].type = type;
           chan->cmode[i].op = (char *) my_calloc(1, len);
           chan->bytes += len;     /* Add 1 for safety */
-          strcpy(chan->cmode[i].op, op);
+          strlcpy(chan->cmode[i].op, op, len);
           break;
         }
     }
@@ -458,15 +458,17 @@ real_add_mode(struct chanset_t *chan, const char plus, const char mode, const ch
   else if (plus == '+' && mode == 'k') {
     if (chan->key)
       free(chan->key);
-    chan->key = (char *) my_calloc(1, strlen(op) + 1);
-    strcpy(chan->key, op);
+    len = strlen(op) + 1;
+    chan->key = (char *) my_calloc(1, len);
+    strlcpy(chan->key, op, len);
   }
   /* -k ? store removed key */
   else if (plus == '-' && mode == 'k') {
     if (chan->rmkey)
       free(chan->rmkey);
-    chan->rmkey = (char *) my_calloc(1, strlen(op) + 1);
-    strcpy(chan->rmkey, op);
+    len = strlen(op) + 1;
+    chan->rmkey = (char *) my_calloc(1, len);
+    strlcpy(chan->rmkey, op, len);
   }
   /* +l ? store limit */
   else if (plus == '+' && mode == 'l')
@@ -1163,7 +1165,7 @@ gotmode(char *from, char *msg)
                     const size_t len = simple_snprintf(tmp, sizeof(tmp), "KICK %s %s :%s%s\r\n", chan->name, m->nick, kickprefix, response(RES_BADOP));
                     tputs(serv, tmp, len);
                   }
-                  simple_sprintf(tmp, "%s!%s MODE %s %s", m->nick, m->userhost, chan->dname, modes[modecnt - 1]);
+                  simple_snprintf(tmp, sizeof(tmp), "%s!%s MODE %s %s", m->nick, m->userhost, chan->dname, modes[modecnt - 1]);
                   deflag_user(u, DEFLAG_BADCOOKIE, tmp, chan);
                 }
                 /* Do the logging last as it can slow down the KICK pushing */

+ 6 - 6
src/mod/irc.mod/msgcmds.c

@@ -194,9 +194,9 @@ static int msg_ident(char *nick, char *host, struct userrec *u, char *par)
 
   pass = newsplit(&par);
   if (!par[0])
-    strcpy(who, nick);
+    strlcpy(who, nick, sizeof(nick));
   else {
-    strncpy(who, par, NICKMAX);
+    strlcpy(who, par, sizeof(who));
     who[NICKMAX] = 0;
   }
   u2 = get_user_by_handle(userlist, who);
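Review bot: `strlcpy(who, nick, sizeof(nick));` bounds the copy by the size of a pointer, because nick is the `char *nick` parameter in this function's signature, so who receives at most 3 or 7 characters of the nick depending on the platform. The handle passed to `get_user_by_handle(userlist, who)` is then a truncated nick, which can miss the intended user or match a different, shorter handle. The bound should be the destination, `strlcpy(who, nick, sizeof(who));`, as the else branch already does; the declaration of who is outside the hunk, so confirm it is an array rather than a pointer.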
@@ -620,9 +620,9 @@ static int msgc_channels(Auth *a, char *chname, char *par)
     get_user_flagrec(a->user, &fr, chan->dname, chan);
     if (chk_op(fr, chan)) {
       if (me_op(chan)) 
-        strcat(list, "@");
-      strcat(list, chan->dname);
-      strcat(list, " ");
+        strlcat(list, "@", sizeof(list));
+      strlcat(list, chan->dname, sizeof(list));
+      strlcat(list, " ", sizeof(list));
     }
   }
 
@@ -678,7 +678,7 @@ static int msgc_help(Auth *a, char *chname, char *par)
         ((!chname || !chname[0]) && entry->cflags & AUTH_MSG)) && flagrec_ok(&entry->user_flags, &fr))
       simple_snprintf(outbuf, sizeof(outbuf), "%s%s%s", outbuf[0] ? outbuf : "", outbuf[0] ? " " : "", entry->mask);
 
-  strncat(outbuf, "\n", sizeof(outbuf));
+  strlcat(outbuf, "\n", sizeof(outbuf));
 
   reply(a->nick, NULL, outbuf);
   return BIND_RET_BREAK;

+ 11 - 10
src/mod/server.mod/server.c

@@ -681,7 +681,7 @@ void add_server(char *ss)
 #endif /* USE_IPV6 */
       *q++ = 0;
       x->name = (char *) my_calloc(1, q - ss);
-      strcpy(x->name, ss);
+      strlcpy(x->name, ss, q - ss);
       ss = q;
       q = strchr(ss, ':');
       if (!q) {
@@ -888,8 +888,8 @@ static int ctcp_DCC_CHAT(char *nick, char *from, struct userrec *u, char *object
     dcc[i].addr = my_atoul(ip);
     dcc[i].port = atoi(prt);
     dcc[i].sock = -1;
-    strcpy(dcc[i].nick, u->handle);
-    strcpy(dcc[i].host, from);
+    strlcpy(dcc[i].nick, u->handle, NICKLEN);
+    strlcpy(dcc[i].host, from, UHOSTLEN);
     dcc[i].timeval = now;
     dcc[i].user = u;
 
@@ -909,14 +909,14 @@ static void dcc_chat_hostresolved(int i)
 
   simple_snprintf(buf, sizeof buf, "%d", dcc[i].port);
 
-  egg_snprintf(ip, sizeof ip, "%lu", iptolong(htonl(dcc[i].addr)));
+  simple_snprintf(ip, sizeof ip, "%lu", iptolong(htonl(dcc[i].addr)));
 #ifdef USE_IPV6
   dcc[i].sock = getsock(0, AF_INET);
 #else
   dcc[i].sock = getsock(0);
 #endif /* USE_IPV6 */
   if (dcc[i].sock < 0 || open_telnet_dcc(dcc[i].sock, ip, buf) < 0) {
-    strcpy(buf, strerror(errno));
+    strlcpy(buf, strerror(errno), sizeof(buf));
     putlog(LOG_MISC, "*", "%s: CHAT (%s!%s)", "DCC connection failed", dcc[i].nick, dcc[i].host);
     putlog(LOG_MISC, "*", "    (%s)", buf);
     killsock(dcc[i].sock);
@@ -933,7 +933,8 @@ static void dcc_chat_hostresolved(int i)
      ok = 0;
     if (ok)
       dcc[i].status |= STAT_PARTY;
-    strcpy(dcc[i].u.chat->con_chan, (chanset) ? chanset->dname : "*");
+    struct chat_info dummy;
+    strlcpy(dcc[i].u.chat->con_chan, (chanset) ? chanset->dname : "*", sizeof(dummy.con_chan));
     dcc[i].timeval = now;
     /* Ok, we're satisfied with them now: attempt the connect */
     putlog(LOG_MISC, "*", "DCC connection: CHAT (%s!%s)", dcc[i].nick, dcc[i].host);
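Review bot: The `struct chat_info dummy;` declared just before the copy exists only to feed sizeof, and it leaves an otherwise unused local in dcc_chat_hostresolved(). sizeof does not evaluate its operand, so the destination can be measured directly: `strlcpy(dcc[i].u.chat->con_chan, (chanset) ? chanset->dname : "*", sizeof(dcc[i].u.chat->con_chan));`. That also keeps the bound tied to the real field if u.chat ever stops being a struct chat_info. The function starts and ends outside this hunk.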
@@ -1001,14 +1002,14 @@ void server_report(int idx, int details)
     if (jnick_juped)
       dprintf(idx, "    JUPENICK IS JUPED: %s %s\n", jupenick, keepnick ? "(trying)" : "");
     nick_juped = jnick_juped = 0;
-    daysdur(now, server_online, s1);
+    daysdur(now, server_online, s1, sizeof(s1));
     simple_snprintf(s, sizeof s, "(connected %s)", s1);
     if (server_lag && !waiting_for_awake) {
       if (server_lag == (-1))
 	simple_snprintf(s1, sizeof s1, " (bad pong replies)");
       else
 	simple_snprintf(s1, sizeof s1, " (lag: %ds)", server_lag);
-      strcat(s, s1);
+      strlcat(s, s1, sizeof(s));
     }
   }
   if ((trying_server || server_online) && (servidx != (-1))) {
@@ -1053,8 +1054,8 @@ static cmd_t my_ctcps[] =
 
 void server_init()
 {
-  strcpy(botrealname, "A deranged product of evil coders");
-  strcpy(stackable2cmds, "USERHOST ISON");
+  strlcpy(botrealname, "A deranged product of evil coders", sizeof(botrealname));
+  strlcpy(stackable2cmds, "USERHOST ISON", sizeof(stackable2cmds));
 
   mq.head = hq.head = modeq.head = NULL;
   mq.last = hq.last = modeq.last = NULL;

+ 19 - 17
src/mod/server.mod/servmsg.c

@@ -75,7 +75,7 @@ static void rotate_nick(char *nick, char *orignick)
         use_chr = 0;
 
         if (rolls == 0) {
-          strcpy(nick, orignick);
+          strlcpy(nick, orignick, sizeof(botname));
           len = strlen(nick);
         }
 #ifdef ROLL_RIGHT
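Review bot: `strlcpy(nick, orignick, sizeof(botname));` bounds the write by the size of a global that is not the destination; nick is a `char *` parameter, so the call is only safe if every caller passes a buffer at least as large as botname. Nothing in the hunk establishes that, so I would either document the requirement on rotate_nick(), for example `/* nick must point to a buffer of at least sizeof(botname) bytes */`, or pass the destination size in as a parameter. The function body continues outside this hunk.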
@@ -380,12 +380,12 @@ static bool detect_flood(char *floodnick, char *floodhost, char *from, int which
   case FLOOD_NOTICE:
     thr = flood_msg.count;
     lapse = flood_msg.time;
-    strcpy(ftype, "msg");
+    strlcpy(ftype, "msg", 4);
     break;
   case FLOOD_CTCP:
     thr = flood_ctcp.count;
     lapse = flood_ctcp.time;
-    strcpy(ftype, "ctcp");
+    strlcpy(ftype, "ctcp", 5);
     break;
   }
   if ((thr == 0) || (lapse == 0))
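Review bot: The size passed in `strlcpy(ftype, "msg", 4)` and `strlcpy(ftype, "ctcp", 5)` is the length of the source literal, not the capacity of `ftype`, so the call bounds nothing and a later edit of the string would be silently truncated. If `ftype` is an array (its declaration is outside the hunk), `strlcpy(ftype, "msg", sizeof(ftype));` ties the bound to the destination. The same pattern appears in this commit as `strlcpy(s, "s ", 3)` in shareout, shareout_prot and shareout_but, `strlcpy(dcc[i].host, "irc", 4)` in raw_dcc_resend_send and `strlcpy(buf, "*", 2)` in crontab_create. The bare `128` for `lastmsghost[which]` in the next hunk would likewise read better as `sizeof(lastmsghost[which])` if that is a two-dimensional array.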
@@ -424,7 +424,7 @@ static bool detect_flood(char *floodnick, char *floodhost, char *from, int which
   if (p) {
     p++;
     if (egg_strcasecmp(lastmsghost[which], p)) {	/* New */
-      strcpy(lastmsghost[which], p);
+      strlcpy(lastmsghost[which], p, 128);
       lastmsgtime[which] = now;
       lastmsgs[which] = 0;
       return 0;
@@ -488,7 +488,7 @@ static int gotmsg(char *from, char *msg)
 
   fixcolon(msg);
   /* Only check if flood-ctcp is active */
-  strcpy(uhost, from);
+  strlcpy(uhost, from, UHOSTLEN);
   nick = splitnick(&uhost);
   if (flood_ctcp.count && detect_avalanche(msg)) {
     if (!ignoring) {
@@ -514,7 +514,8 @@ static int gotmsg(char *from, char *msg)
       p++;
     if (*p == 1) {
       *p = 0;
-      ctcp = strcpy(ctcpbuf, p1);
+      strlcpy(ctcpbuf, p1, sizeof(ctcpbuf));
+      ctcp = ctcpbuf;
       strcpy(p1 - 1, p + 1);
       if (!ignoring)
         detect_flood(nick, uhost, from, strncmp(ctcp, "ACTION ", 7) ? FLOOD_CTCP : FLOOD_PRIVMSG);
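Review bot: The `strcpy(p1 - 1, p + 1);` left in place right after the new `strlcpy` copies within a single buffer, assuming `p` was advanced from `p1` by the scan above the hunk, and `strcpy` on overlapping regions is undefined behaviour. `memmove(p1 - 1, p + 1, strlen(p + 1) + 1);` does the same shift with defined semantics. The identical line follows the new code in the gotnotice hunk further down. Both functions continue outside their hunks.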
@@ -655,7 +656,7 @@ static int gotnotice(char *from, char *msg)
 
   to = newsplit(&msg);
   fixcolon(msg);
-  strcpy(uhost, from);
+  strlcpy(uhost, from, UHOSTLEN);
   nick = splitnick(&uhost);
   if (flood_ctcp.count && detect_avalanche(msg)) {
     /* Discard -- kick user if it was to the channel */
@@ -673,7 +674,8 @@ static int gotnotice(char *from, char *msg)
       p++;
     if (*p == 1) {
       *p = 0;
-      ctcp = strcpy(ctcpbuf, p1);
+      strlcpy(ctcpbuf, p1, sizeof(ctcpbuf));
+      ctcp = ctcpbuf;
       strcpy(p1 - 1, p + 1);
       if (!ignoring)
 	detect_flood(nick, uhost, from, FLOOD_CTCP);
@@ -1105,9 +1107,9 @@ static void eof_server(int idx)
   disconnect_server(idx, DO_LOST);
 }
 
-static void display_server(int idx, char *buf)
+static void display_server(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "%s  (lag: %d)", trying_server ? "conn" : "serv", server_lag);
+  simple_snprintf(buf, bufsiz, "%s  (lag: %d)", trying_server ? "conn" : "serv", server_lag);
 }
 
 static void connect_server(void);
@@ -1150,7 +1152,7 @@ static void server_activity(int idx, char *msg, int len)
   char *from = NULL, *code = NULL;
 
   if (trying_server) {
-    strcpy(dcc[idx].nick, "(server)");
+    strlcpy(dcc[idx].nick, "(server)", NICKLEN);
     putlog(LOG_SERV, "*", "Connected to %s", dcc[idx].host);
 
     trying_server = 0;
@@ -1593,9 +1595,9 @@ static void connect_server(void)
 
   if (newserverport) {		/* cmd_jump was used; connect specified server */
     curserv = -1;		/* Reset server list */
-    strcpy(botserver, newserver);
+    strlcpy(botserver, newserver, sizeof(botserver));
     botserverport = newserverport;
-    strcpy(pass, newserverpass);
+    strlcpy(pass, newserverpass, sizeof(pass));
     newserver[0] = newserverport = newserverpass[0] = 0;
   } 
 
@@ -1619,7 +1621,7 @@ static void connect_server(void)
     putlog(LOG_SERV, "*", "Trying server %s:%d", botserver, botserverport);
 
     dcc[newidx].port = botserverport;
-    strcpy(dcc[newidx].nick, "(server)");
+    strlcpy(dcc[newidx].nick, "(server)", NICKLEN);
     strlcpy(dcc[newidx].host, botserver, UHOSTLEN);
 
     botuserhost[0] = 0;
@@ -1695,7 +1697,7 @@ static void server_dns_callback(int id, void *client_data, const char *host, cha
   if (addr.family == AF_INET)
     dcc[idx].addr = htonl(addr.u.addr.s_addr);
 
-  strcpy(serverpass, (char *) dcc[idx].u.dns->cbuf);
+  strlcpy(serverpass, (char *) dcc[idx].u.dns->cbuf, sizeof(serverpass));
   changeover_dcc(idx, &SERVER_SOCKET, 0);
 
 //  identd_open(idx);
@@ -1720,9 +1722,9 @@ static void server_dns_callback(int id, void *client_data, const char *host, cha
     SERVER_SOCKET.timeout_val = &server_timeout;
     /* Another server may have truncated it, so use the original */
     if (jupenick[0])
-      strcpy(botname, jupenick);
+      strlcpy(botname, jupenick, sizeof(botname));
     else
-      strcpy(botname, origbotname);
+      strlcpy(botname, origbotname, sizeof(botname));
     /* Start alternate nicks from the beginning */
     altnick_char = 0;
     /* reset counter so first ctcp is dumped for tcms */

+ 18 - 17
src/mod/share.mod/share.c

@@ -99,7 +99,7 @@ static void new_tbuf(char *bot)
   tandbuf **old = &tbuf, *newbuf = NULL;
 
   newbuf = (tandbuf *) my_calloc(1, sizeof(tandbuf));
-  strcpy(newbuf->bot, bot);
+  strlcpy(newbuf->bot, bot, sizeof(newbuf->bot));
   newbuf->q = NULL;
   newbuf->timer = now;
   newbuf->next = *old;
@@ -149,13 +149,15 @@ static struct share_msgq *q_addmsg(struct share_msgq *qq, char *s)
 {
   struct share_msgq *q = NULL;
   int cnt;
+  size_t siz = 0;
 
   if (!qq) {
     q = (share_msgq *) my_calloc(1, sizeof *q);
 
     q->next = NULL;
-    q->msg = (char *) my_calloc(1, strlen(s) + 1);
-    strcpy(q->msg, s);
+    siz = strlen(s) + 1;
+    q->msg = (char *) my_calloc(1, siz);
+    strlcpy(q->msg, s, siz);
     return q;
   }
   cnt = 0;
@@ -167,8 +169,9 @@ static struct share_msgq *q_addmsg(struct share_msgq *qq, char *s)
 
   q = q->next;
   q->next = NULL;
-  q->msg = (char *) my_calloc(1, strlen(s) + 1);
-  strcpy(q->msg, s);
+  siz = strlen(s) + 1;
+  q->msg = (char *) my_calloc(1, siz);
+  strlcpy(q->msg, s, siz);
   return qq;
 }
 
@@ -927,7 +930,7 @@ share_ufsend(int idx, char *par)
   FILE *f = NULL;
 
   char rand[7] = "";
-  make_rand_str(rand, sizeof(rand) - 1);
+  make_rand_str(rand, sizeof(rand) - 1, 0);
   simple_snprintf(s, sizeof(s), "%s.share.%s", tempdir, rand);
   //mktemp(s); //Although safe here, g++ complains too much.
 
@@ -962,13 +965,13 @@ share_ufsend(int idx, char *par)
       i = new_dcc(&DCC_FORK_SEND, sizeof(struct xfer_info));
       dcc[i].addr = my_atoul(ip);
       dcc[i].port = atoi(port);
-      strcpy(dcc[i].nick, "*users");
+      strlcpy(dcc[i].nick, "*users", NICKLEN);
       dcc[i].u.xfer->filename = strdup(s);
       dcc[i].u.xfer->origname = dcc[i].u.xfer->filename;
       dcc[i].u.xfer->length = atoi(par);
       dcc[i].u.xfer->f = f;
       dcc[i].sock = sock;
-      strcpy(dcc[i].host, dcc[idx].nick);
+      strlcpy(dcc[i].host, dcc[idx].nick, UHOSTLEN);
       dcc[idx].status |= STAT_GETTING;
     }
   }
@@ -1076,7 +1079,7 @@ shareout(const char *format, ...)
 
   va_start(va, format);
 
-  strcpy(s, "s ");
+  strlcpy(s, "s ", 3);
   if ((l = egg_vsnprintf(s + 2, 509, format, va)) < 0)
     s[2 + (l = 509)] = 0;
   va_end(va);
@@ -1099,7 +1102,7 @@ shareout_prot(struct userrec *u, const char *format, ...)
 
   va_start(va, format);
 
-  strcpy(s, "s ");
+  strlcpy(s, "s ", 3);
   if ((l = egg_vsnprintf(s + 2, 509, format, va)) < 0)
     s[2 + (l = 509)] = 0;
   va_end(va);
@@ -1124,7 +1127,7 @@ shareout_but(int x, const char *format, ...)
 
   va_start(va, format);
 
-  strcpy(s, "s ");
+  strlcpy(s, "s ", 3);
   if ((l = egg_vsnprintf(s + 2, 509, format, va)) < 0)
     s[2 + (l = 509)] = 0;
   va_end(va);
@@ -1181,6 +1184,7 @@ write_tmp_userfile(char *fn, const struct userrec *bu, int idx)
   int ok = 0;
 
   if ((f = fopen(fn, "wb"))) {
+    fchmod(fileno(f), S_IRUSR | S_IWUSR);
 /* FIXME: REMOVE AFTER 1.2.14 */
     bool old = 0;
 
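Review bot: The added `fchmod(fileno(f), S_IRUSR | S_IWUSR);` runs only after `fopen(fn, "wb")` has already created the file with whatever mode the process umask allows, so the userfile briefly exists with wider permissions, and the result of `fchmod` is not checked. `fopen` also follows a symlink that already exists at `fn`. Creating the descriptor with `open()` and an explicit owner-only mode, then wrapping it with `fdopen()`, closes both gaps; the same applies to the `fopen(new_userfile, "w")` / `fchmod` pair in write_userfile in src/userrec.c. The sketch below needs `<fcntl.h>` in scope, and the rest of the function lies outside the hunk.

```c
  /* create the file owner-only from the start; O_NOFOLLOW refuses a symlink at fn */
  int fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, S_IRUSR | S_IWUSR);

  f = (fd != -1) ? fdopen(fd, "wb") : NULL;
  if (!f && fd != -1)
    close(fd);
  if (f) {
    /* still required when fn already existed with a wider mode */
    if (fchmod(fd, S_IRUSR | S_IWUSR) == -1)
      putlog(LOG_MISC, "*", "ERROR setting mode on temporary userfile.");
    /* … unchanged: header line and the write_* calls … */
```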
@@ -1189,11 +1193,8 @@ write_tmp_userfile(char *fn, const struct userrec *bu, int idx)
       old = 1;
 
     time_t tt = now;
-    char s1[81] = "";
 
-    fixmod(fn);
-    strcpy(s1, ctime(&tt));
-    lfprintf(f, "#4v: %s -- %s -- written %s", ver, conf.bot->nick, s1);
+    lfprintf(f, "#4v: %s -- %s -- written %s", ver, conf.bot->nick, ctime(&tt));
 
     if (!old)
       ok += write_chans(f, idx);
@@ -1413,7 +1414,7 @@ start_sending_users(int idx)
   int i = 1, j = -1;
 
   char rand[7] = "";
-  make_rand_str(rand, sizeof(rand) - 1);
+  make_rand_str(rand, sizeof(rand) - 1, 0);
   simple_snprintf(share_file, sizeof(share_file), "%s.share.%s", tempdir, rand);
   //mktemp(share_file); //Although safe here, g++ complains too much.
 
@@ -1441,7 +1442,7 @@ start_sending_users(int idx)
   } else {
     updatebot(-1, dcc[idx].nick, '+', 0, 0, 0, NULL);
     dcc[idx].status |= STAT_SENDING;
-    strcpy(dcc[j].host, dcc[idx].nick); /* Store bot's nick */
+    strlcpy(dcc[j].host, dcc[idx].nick, UHOSTLEN); /* Store bot's nick */
     dprintf(idx, "s us %lu %d %lu\n", iptolong(getmyip()), dcc[j].port, dcc[j].u.xfer->length);
     /* Start up a tbuf to queue outgoing changes for this bot until the
      * userlist is done transferring.

+ 13 - 17
src/mod/transfer.mod/transfer.c

@@ -590,30 +590,29 @@ void tout_dcc_send(int idx)
   lostdcc(idx);
 }
 
-void display_dcc_get(int idx, char *buf)
+void display_dcc_get(int idx, char *buf, size_t bufsiz)
 {
   if (dcc[idx].status == dcc[idx].u.xfer->length)
-    sprintf(buf, "send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].u.xfer->acked,
+    simple_snprintf(buf, bufsiz, "send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].u.xfer->acked,
 	    dcc[idx].u.xfer->length, dcc[idx].u.xfer->origname);
   else
-    sprintf(buf,"send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].status,
+    simple_snprintf(buf, bufsiz, "send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].status,
 	    dcc[idx].u.xfer->length, dcc[idx].u.xfer->origname);
 }
 
-void display_dcc_get_p(int idx, char *buf)
+void display_dcc_get_p(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf,"send  waited %ds\n    Filename: %s\n", (int) (now - dcc[idx].timeval), dcc[idx].u.xfer->origname);
+  simple_snprintf(buf, bufsiz, "send  waited %ds\n    Filename: %s\n", (int) (now - dcc[idx].timeval), dcc[idx].u.xfer->origname);
 }
 
-void display_dcc_send(int idx, char *buf)
+void display_dcc_send(int idx, char *buf, size_t bufsiz)
 {
-  sprintf(buf,"send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].status,
-	  dcc[idx].u.xfer->length, dcc[idx].u.xfer->origname);
+  simple_snprintf(buf, bufsiz, "send  (%lu)/%lu\n    Filename: %s\n", dcc[idx].status, dcc[idx].u.xfer->length, dcc[idx].u.xfer->origname);
 }
 
-void display_dcc_fork_send(int idx, char *buf)
+void display_dcc_fork_send(int idx, char *buf, size_t bufsiz)
 {
-  simple_sprintf(buf, "conn  send");
+  simple_snprintf(buf, bufsiz, "conn  send");
 }
 
 void kill_dcc_xfer(int idx, void *x)
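Review bot: `display_dcc_get` and `display_dcc_send` move from libc `sprintf` to `simple_snprintf` while keeping `%lu` conversions, and nothing on this page shows that `simple_snprintf` implements `%lu`. Elsewhere in the same commit `link_pref_val` uses `egg_snprintf` for `%02d` and `tell_netdebug` keeps plain `sprintf` for `%04X`/`%06lX`, which hints that the simple formatter may support only a subset of conversions. If that is the case, `egg_snprintf(buf, bufsiz, ...)` keeps the bound without changing the output; otherwise a one-line comment stating which conversions `simple_snprintf` accepts would settle it.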
@@ -838,13 +837,10 @@ static int raw_dcc_resend_send(char *filename, char *nick, char *from, int resen
   dcc[i].sock = zz;
   dcc[i].addr = (in_addr_t) (-559026163);
   dcc[i].port = port;
-  strcpy(dcc[i].nick, nick);
-  strcpy(dcc[i].host, "irc");
-  dcc[i].u.xfer->filename = (char *) my_calloc(1, strlen(filename) + 1);
-  strcpy(dcc[i].u.xfer->filename, filename);
-
-  dcc[i].u.xfer->origname = (char *) my_calloc(1, strlen(filename) + 1);
-  strcpy(dcc[i].u.xfer->origname, filename);
+  strlcpy(dcc[i].nick, nick, NICKLEN);
+  strlcpy(dcc[i].host, "irc", 4);
+  dcc[i].u.xfer->filename = strdup(filename);
+  dcc[i].u.xfer->origname = strdup(filename);
   strlcpy(dcc[i].u.xfer->from, from, NICKLEN);
   dcc[i].u.xfer->length = dccfilesize;
   dcc[i].timeval = now;
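Review bot: The two `strdup(filename)` calls replace `my_calloc` + `strcpy`, and their results are stored without a NULL check, so an allocation failure leaves `filename` or `origname` NULL for later users of the xfer record. Whether `my_calloc` aborted or otherwise handled out-of-memory is not visible here, so this may be a behaviour change rather than a pure cleanup. A guard such as `if (!dcc[i].u.xfer->filename || !dcc[i].u.xfer->origname)` leading to the function's existing failure path, or a project wrapper that checks the allocation, keeps the earlier guarantee. The function starts and continues outside the hunk.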

+ 3 - 3
src/mod/update.mod/update.c

@@ -132,13 +132,13 @@ static void update_ufsend(int idx, char *par)
       i = new_dcc(&DCC_FORK_SEND, sizeof(struct xfer_info));
       dcc[i].addr = my_atoul(ip);
       dcc[i].port = atoi(port);
-      strcpy(dcc[i].nick, "*binary");
+      strlcpy(dcc[i].nick, "*binary", NICKLEN);
       dcc[i].u.xfer->filename = strdup(s);
       dcc[i].u.xfer->origname = dcc[i].u.xfer->filename;
       dcc[i].u.xfer->length = atol(par);
       dcc[i].u.xfer->f = f;
       dcc[i].sock = sock;
-      strcpy(dcc[i].host, dcc[idx].nick);
+      strlcpy(dcc[i].host, dcc[idx].nick, UHOSTLEN);
 
       dcc[idx].status |= STAT_GETTINGU;
     }
@@ -342,7 +342,7 @@ static void start_sending_binary(int idx)
     bupdating = 0;
   } else {
     dcc[idx].status |= STAT_SENDINGU;
-    strcpy(dcc[j].host, dcc[idx].nick);		/* Store bot's nick */
+    strlcpy(dcc[j].host, dcc[idx].nick, UHOSTLEN);		/* Store bot's nick */
     dprintf(idx, "sb us %lu %hd %lu\n", iptolong(getmyip()), dcc[j].port, dcc[j].u.xfer->length);
   }
 }

+ 25 - 23
src/net.c

@@ -1248,9 +1248,10 @@ int sockgets(char *s, int *len)
 	  *p = 0;
 	  if (strlen(socklist[i].inbuf) > SGRAB)
 	    socklist[i].inbuf[SGRAB] = 0;
-	  strcpy(s, socklist[i].inbuf);
-	  px = (char *) my_calloc(1, strlen(p + 1) + 1);
-	  strcpy(px, p + 1);
+	  strlcpy(s, socklist[i].inbuf, SGRAB + 10); //buf@main.c
+          size_t psiz = strlen(p + 1) + 1;
+	  px = (char *) my_calloc(1, psiz);
+	  strlcpy(px, p + 1, psiz);
 	  free(socklist[i].inbuf);
 	  if (px[0])
 	    socklist[i].inbuf = px;
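Review bot: The bound `SGRAB + 10` in `strlcpy(s, socklist[i].inbuf, SGRAB + 10); //buf@main.c` is the size of one caller's buffer in another file, while `sockgets` receives `s` as a bare `char *`, so a caller with a smaller buffer is still overrun and the two files must be kept in sync by hand. The same literal is used for `s` in the hunks at -1369 and -1382. A shared constant used both for the declaration in main.c and here, or a size parameter on `sockgets`, makes the contract checkable; at minimum a comment on the function such as `/* s must have room for SGRAB + 10 bytes */` states it where callers will read it. sockgets starts and ends outside this hunk.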
@@ -1338,12 +1339,13 @@ int sockgets(char *s, int *len)
   /* Might be necessary to prepend stored-up data! */
   if (socklist[ret].inbuf != NULL) {
     p = socklist[ret].inbuf;
-    socklist[ret].inbuf = (char *) my_calloc(1, strlen(p) + strlen(xx) + 1);
-    strcpy(socklist[ret].inbuf, p);
-    strcat(socklist[ret].inbuf, xx);
+    size_t bufsiz = strlen(p) + strlen(xx) + 1;
+    socklist[ret].inbuf = (char *) my_calloc(1, bufsiz);
+    strlcpy(socklist[ret].inbuf, p, bufsiz);
+    strlcat(socklist[ret].inbuf, xx, bufsiz);
     free(p);
     if (strlen(socklist[ret].inbuf) < (SGRAB + 2)) {
-      strcpy(xx, socklist[ret].inbuf);
+      strlcpy(xx, socklist[ret].inbuf, sizeof(xx));
       free(socklist[ret].inbuf);
       socklist[ret].inbuf = NULL;
       socklist[ret].inbuflen = 0;
@@ -1351,9 +1353,9 @@ int sockgets(char *s, int *len)
       p = socklist[ret].inbuf;
       socklist[ret].inbuflen = strlen(p) - SGRAB;
       socklist[ret].inbuf = (char *) my_calloc(1, socklist[ret].inbuflen + 1); 
-      strcpy(socklist[ret].inbuf, p + SGRAB);
+      strlcpy(socklist[ret].inbuf, p + SGRAB, socklist[ret].inbuflen + 1);
       *(p + SGRAB) = 0;
-      strcpy(xx, p);
+      strlcpy(xx, p, sizeof(xx));
       free(p);
       /* (leave the rest to be post-pended later) */
     }
@@ -1369,8 +1371,8 @@ int sockgets(char *s, int *len)
     *p = 0;
 /* FIXME: overlapping here */
 
-    strcpy(s, xx);
-    strcpy(xx, p + 1);
+   strlcpy(s, xx, SGRAB + 10); //buf@main.c
+   strlcpy(xx, p + 1, sizeof(xx));
 
 /*    if (s[0] && strlen(s) && (s[strlen(s) - 1] == '\r')) */
     if (s[strlen(s) - 1] == '\r')
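Review bot: The `/* FIXME: overlapping here */` still applies after the change: if `p` points into `xx`, as the FIXME and the `*p = 0` above suggest, `strlcpy(xx, p + 1, sizeof(xx));` copies between overlapping regions, which `strlcpy` does not promise to handle any more than `strcpy` does. `memmove(xx, p + 1, strlen(p + 1) + 1);` performs the shift with defined semantics. Separately, `s[strlen(s) - 1]` on the last line indexes before the buffer when the received line is empty; the commented-out condition above it, beginning `s[0] &&`, is the guard that is missing. The two new lines are also indented one column less than their neighbours.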
@@ -1382,7 +1384,7 @@ int sockgets(char *s, int *len)
     s[0] = 0;
     if (strlen(xx) >= SGRAB) {
       /* String is too long, so just insert fake \n */
-      strcpy(s, xx);
+      strlcpy(s, xx, SGRAB + 10); //buf@main.c
       xx[0] = 0;
       data = 1;
     }
@@ -1404,13 +1406,13 @@ int sockgets(char *s, int *len)
     p = socklist[ret].inbuf;
     socklist[ret].inbuflen = strlen(p) + strlen(xx);
     socklist[ret].inbuf = (char *) my_calloc(1, socklist[ret].inbuflen + 1);
-    strcpy(socklist[ret].inbuf, xx);
-    strcat(socklist[ret].inbuf, p);
+    strlcpy(socklist[ret].inbuf, xx, socklist[ret].inbuflen + 1);
+    strlcat(socklist[ret].inbuf, p, socklist[ret].inbuflen + 1);
     free(p);
   } else {
     socklist[ret].inbuflen = strlen(xx);
     socklist[ret].inbuf = (char *) my_calloc(1, socklist[ret].inbuflen + 1);
-    strcpy(socklist[ret].inbuf, xx);
+    strlcpy(socklist[ret].inbuf, xx, socklist[ret].inbuflen + 1);
   }
   if (data) {
     return socklist[ret].sock;
@@ -1670,24 +1672,24 @@ void tell_netdebug(int idx)
     if (!(socklist[i].flags & SOCK_UNUSED)) {
       simple_snprintf(s, sizeof(s), " %d", socklist[i].sock);
       if (socklist[i].flags & SOCK_BINARY)
-	strcat(s, " (binary)");
+	strlcat(s, " (binary)", sizeof(s));
       if (socklist[i].flags & SOCK_LISTEN)
-	strcat(s, " (listen)");
+	strlcat(s, " (listen)", sizeof(s));
       if (socklist[i].flags & SOCK_PASS)
-	strcat(s, " (passed on)");
+	strlcat(s, " (passed on)", sizeof(s));
       if (socklist[i].flags & SOCK_CONNECT)
-	strcat(s, " (connecting)");
+	strlcat(s, " (connecting)", sizeof(s));
       if (socklist[i].flags & SOCK_STRONGCONN)
-	strcat(s, " (strong)");
+	strlcat(s, " (strong)", sizeof(s));
       if (socklist[i].flags & SOCK_NONSOCK)
-	strcat(s, " (file)");
+	strlcat(s, " (file)", sizeof(s));
       if (socklist[i].inbuf != NULL)
 	sprintf(&s[strlen(s)], " (inbuf: %04X)", strlen(socklist[i].inbuf));
       if (socklist[i].outbuf != NULL)
 	sprintf(&s[strlen(s)], " (outbuf: %06lX)", (unsigned long) socklist[i].outbuflen);
       if (socklist[i].host)
-        sprintf(&s[strlen(s)], " (%s:%d)", socklist[i].host, socklist[i].port);
-      strcat(s, ",");
+        simple_sprintf(&s[strlen(s)], " (%s:%d)", socklist[i].host, socklist[i].port);
+      strlcat(s, ",", sizeof(s));
       dprintf(idx, "%s", s);
     }
   }
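Review bot: After the `strcat` calls are bounded, the three appends that write at `&s[strlen(s)]` are still unbounded: the two `sprintf` calls and the new `simple_sprintf(&s[strlen(s)], " (%s:%d)", socklist[i].host, socklist[i].port);`, whose length depends on the host string. Bounding it the same way closes the gap: `size_t used = strlen(s);` followed by `simple_snprintf(s + used, sizeof(s) - used, " (%s:%d)", socklist[i].host, socklist[i].port);`, and likewise a size-taking formatter with `sizeof(s) - used` for the two hex fields. The `%04X` conversion is also passed a `size_t` from `strlen`, which needs a cast to `unsigned` to match the format.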

+ 1 - 1
src/net.h

@@ -159,7 +159,7 @@ extern union sockaddr_union 		cached_myip6_so;
 extern unsigned long			notalloc;
 #endif /* USE_IPV6 */
 
-extern char				firewall[], botuser[];
+extern char				firewall[], botuser[21];
 extern int				MAXSOCKS, socks_total;
 extern bool				identd_hack, cached_ip;
 extern port_t				firewallport;

+ 4 - 2
src/set.c

@@ -225,7 +225,9 @@ char *var_sanitize(variable_t *var, const char *data)
 static bool var_set_mem(variable_t *var, const char *datain)
 {
   char *data = (datain && datain[0]) ? strdup(datain) : NULL, *datap = data;
+#ifdef DEBUG
 sdprintf("var (mem): %s -> %s", var->name, datain ? datain : "(NULL)");
+#endif
 
   if (data && var->flags & VAR_SHUFFLE) {
 //    char *datadup = strdup(data);
@@ -233,7 +235,7 @@ sdprintf("var (mem): %s -> %s", var->name, datain ? datain : "(NULL)");
 //    shuffle(datadup, ",");
 //    data = datadup;
 //    freedata++;
-    shuffle(data, ",");
+    shuffle(data, ",", strlen(data) + 1);
   }
 
   /* figure out it's type and set it's variable to the data */
@@ -418,7 +420,7 @@ const char *var_string(variable_t *var)
 
   if (data) {
     if (var->flags & VAR_SHUFFLE)
-      shuffle(data, ",");
+      shuffle(data, ",", strlen(data) + 1);
 
     if ((var->flags & VAR_NODEF) && !var->gdata) {
        free(data);

+ 9 - 6
src/shell.c

@@ -93,6 +93,7 @@ void clear_tmp()
 
   struct dirent *dir_ent = NULL;
   char *file = NULL;
+  size_t flen = 0;
 
   while ((dir_ent = readdir(tmp))) {
     if (strncmp(dir_ent->d_name, ".pid.", 4) && 
@@ -103,10 +104,11 @@ void clear_tmp()
         strcmp(dir_ent->d_name, ".un") && 
         strcmp(dir_ent->d_name, "..")) {
 
-      file = (char *) my_calloc(1, strlen(dir_ent->d_name) + strlen(tempdir) + 1);
+      flen = strlen(dir_ent->d_name) + strlen(tempdir) + 1;
+      file = (char *) my_calloc(1, flen);
 
-      strcat(file, tempdir);
-      strcat(file, dir_ent->d_name);
+      strlcat(file, tempdir, flen);
+      strlcat(file, dir_ent->d_name, flen);
       file[strlen(file)] = 0;
       sdprintf("clear_tmp: %s", file);
       unlink(file);
@@ -1027,9 +1029,10 @@ void check_crontab()
 void crontab_del() {
   char *tmpFile = NULL, *p = NULL, buf[2048] = "";
 
-  tmpFile = (char *) my_calloc(1, strlen(binname) + 100);
+  size_t tmplen = strlen(binname) + 100;
+  tmpFile = (char *) my_calloc(1, tmplen);
 
-  strcpy(tmpFile, shell_escape(binname));
+  strlcpy(tmpFile, shell_escape(binname), tmplen);
   if (!(p = strrchr(tmpFile, '/')))
     return;
   p++;
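Review bot: `tmplen` is computed from `strlen(binname)`, but the string copied is `shell_escape(binname)`, which can be longer than its input if escaping adds characters (its implementation is not shown), so the new `strlcpy` may truncate the escaped path where the old code overflowed. If `tmpFile` later goes into a shell command, a truncated path can end in the middle of an escape sequence, so the buffer should be sized from the escaped string, e.g. `const char *esc = shell_escape(binname);` and `size_t tmplen = strlen(esc) + 100;`, or the `strlcpy` return value compared with `tmplen` and the function abandoned on truncation. The early `return` when no '/' is found also leaves `tmpFile` unfreed. crontab_del continues outside the hunk.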
@@ -1077,7 +1080,7 @@ void crontab_create(int interval) {
   if (shell_exec(buf, NULL, NULL, NULL) && (f = fdopen(fd, "a")) != NULL) {
     buf[0] = 0;
     if (interval == 1)
-      strcpy(buf, "*");
+      strlcpy(buf, "*", 2);
     else {
       int i = 1;
       int si = randint(interval);

+ 6 - 6
src/userent.c

@@ -484,7 +484,7 @@ void stats_add(struct userrec *u, int islogin, int op)
   if (s) {
     strlcpy(s2, s, sizeof(s2));
   } else
-    strcpy(s2, "0 0");
+    strlcpy(s2, "0 0", sizeof(s2));
   s = strchr(s2, ' ');
   if (s) {
     s++;
@@ -771,7 +771,7 @@ static bool botaddr_unpack(struct userrec *u, struct user_entry *e)
   /* address:port/port:hublevel:uplink */
   Context;
 
-  strcpy(p, e->u.list->extra);
+  strlcpy(p, e->u.list->extra, sizeof(p));
   q1 = strchr(p, ':');
   if (q1)
     *q1++ = 0;
@@ -938,10 +938,10 @@ static void hosts_display(int idx, struct user_entry *e, struct userrec *u)
     char s[1024] = "";
     struct list_type *q = NULL;
 
-    strcpy(s, "  HOSTS: ");
+    strlcpy(s, "  HOSTS: ", sizeof(s));
     for (q = e->u.list; q; q = q->next) {
       if (s[0] && !s[9])
-        strcat(s, q->extra);
+        strlcat(s, q->extra, sizeof(s));
       else if (!s[0])
         simple_snprintf(s, sizeof(s), "         %s", q->extra);
       else {
@@ -949,8 +949,8 @@ static void hosts_display(int idx, struct user_entry *e, struct userrec *u)
   	  dprintf(idx, "%s\n", s);
   	  simple_snprintf(s, sizeof(s), "         %s", q->extra);
         } else {
-  	  strcat(s, ", ");
-  	  strcat(s, q->extra);
+  	  strlcat(s, ", ", sizeof(s));
+  	  strlcat(s, q->extra, sizeof(s));
         }
       }
     }

+ 4 - 5
src/userrec.c

@@ -144,7 +144,7 @@ void correct_handle(char *handle)
 
   if (u == NULL || handle == u->handle)
     return;
-  strcpy(handle, u->handle);
+  strlcpy(handle, u->handle, HANDLEN + 1);
 }
 
 /* This will be usefull in a lot of places, much more code re-use so we
@@ -476,14 +476,14 @@ int write_userfile(int idx)
   simple_snprintf(new_userfile, siz, "%s~new", userfile);
 
   f = fopen(new_userfile, "w");
-  fixmod(new_userfile);
   if (f == NULL) {
     putlog(LOG_MISC, "*", "ERROR writing user file.");
     free(new_userfile);
     return 2;
   }
+  fchmod(fileno(f), S_IRUSR | S_IWUSR);
 
-  char s1[81] = "", backup[DIRMAX] = "";
+  char backup[DIRMAX] = "";
   bool ok = 1;
 
   if (idx >= 0)
@@ -493,8 +493,7 @@ int write_userfile(int idx)
 
   time_t tt = now;
 
-  strcpy(s1, ctime(&tt));
-  lfprintf(f, "#4v: %s -- %s -- written %s", ver, conf.bot->nick, s1);
+  lfprintf(f, "#4v: %s -- %s -- written %s", ver, conf.bot->nick, ctime(&tt));
   fclose(f);
 
 

+ 39 - 39
src/users.c

@@ -169,16 +169,16 @@ void display_ignore(int idx, int number, struct igrec *ignore)
   char dates[81] = "", s[41] = "";
 
   if (ignore->added) {
-    daysago(now, ignore->added, s);
+    daysago(now, ignore->added, s, sizeof(s));
     simple_snprintf(dates, sizeof(dates), "Started %s", s);
   } 
 
   if (ignore->flags & IGREC_PERM)
-    strcpy(s, "(perm)");
+    strlcpy(s, "(perm)", sizeof(s));
   else {
     char s1[41] = "";
 
-    days(ignore->expire, now, s1);
+    days(ignore->expire, now, s1, sizeof(s1));
     simple_snprintf(s, sizeof(s), "(expires %s)", s1);
   }
   if (number >= 0)
@@ -386,7 +386,7 @@ tell_user(int idx, struct userrec *u)
   build_flags(s, &fr, NULL);
 
   if (!li || !li->laston)
-    strcpy(s1, "never");
+    strlcpy(s1, "never", sizeof(s1));
   else {
     now2 = now - li->laston;
     if (now2 > 86400)
@@ -409,7 +409,7 @@ tell_user(int idx, struct userrec *u)
     if (!channel_privchan(chan) || (channel_privchan(chan) && (chan_op(fr) || glob_owner(fr)))) {
       if (glob_op(fr) || chan_op(fr)) {
         if (ch->laston == 0L)
-  	  strcpy(s1, "never");
+  	  strlcpy(s1, "never", sizeof(s1));
         else {
   	  now2 = now - (ch->laston);
 	  if (now2 > 86400)
@@ -744,14 +744,14 @@ int readuserfile(const char *file, struct userrec **ret)
            free(my_ptr);
          }
 	} else if (!strncmp(code, "::", 2)) {	/* channel-specific bans */
-	  strcpy(lasthand, &code[2]);
+	  strlcpy(lasthand, &code[2], sizeof(lasthand));
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
-	    strcpy(s1, lasthand);
-	    strcat(s1, " ");
+	    strlcpy(s1, lasthand, sizeof(s1));
+	    strlcat(s1, " ", sizeof(s1));
 	    if (strstr(ignored, s1) == NULL) {
-	      strcat(ignored, lasthand);
-	      strcat(ignored, " ");
+	      strlcat(ignored, lasthand, sizeof(ignored));
+	      strlcat(ignored, " ", sizeof(ignored));
 	    }
 	    lasthand[0] = 0;
 	  } else {
@@ -763,14 +763,14 @@ int readuserfile(const char *file, struct userrec **ret)
 	    cst->bans = NULL;
 	  }
 	} else if (!strncmp(code, "&&", 2)) {	/* channel-specific exempts */
-	  strcpy(lasthand, &code[2]);
+	  strlcpy(lasthand, &code[2], sizeof(lasthand));
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
-	    strcpy(s1, lasthand);
-	    strcat(s1, " ");
+	    strlcpy(s1, lasthand, sizeof(s1));
+	    strlcat(s1, " ", sizeof(s1));
 	    if (strstr(ignored, s1) == NULL) {
-	      strcat(ignored, lasthand);
-	      strcat(ignored, " ");
+	      strlcat(ignored, lasthand, sizeof(ignored));
+	      strlcat(ignored, " ", sizeof(ignored));
 	    }
 	    lasthand[0] = 0;
 	  } else {
@@ -782,14 +782,14 @@ int readuserfile(const char *file, struct userrec **ret)
 	    cst->exempts = NULL;
 	  }
 	} else if (!strncmp(code, "$$", 2)) {	/* channel-specific invites */
-	  strcpy(lasthand, &code[2]);
+	  strlcpy(lasthand, &code[2], sizeof(lasthand));
 	  u = NULL;
 	  if (!findchan_by_dname(lasthand)) {
-	    strcpy(s1, lasthand);
-	    strcat(s1, " ");
+	    strlcpy(s1, lasthand, sizeof(s1));
+	    strlcat(s1, " ", sizeof(s1));
 	    if (strstr(ignored, s1) == NULL) {
-	      strcat(ignored, lasthand);
-	      strcat(ignored, " ");
+	      strlcat(ignored, lasthand, sizeof(ignored));
+	      strlcat(ignored, " ", sizeof(ignored));
 	    }
 	    lasthand[0] = 0;
 	  } else {
@@ -833,22 +833,22 @@ int readuserfile(const char *file, struct userrec **ret)
 	    }
 	  }
 	} else if (!rfc_casecmp(code, BAN_NAME)) {
-	  strcpy(lasthand, code);
+	  strlcpy(lasthand, code, sizeof(lasthand));
 	  u = NULL;
 	} else if (!rfc_casecmp(code, IGNORE_NAME)) {
-	  strcpy(lasthand, code);
+	  strlcpy(lasthand, code, sizeof(lasthand));
 	  u = NULL;
 	} else if (!rfc_casecmp(code, EXEMPT_NAME)) {
-	  strcpy(lasthand, code);
+	  strlcpy(lasthand, code, sizeof(lasthand));
 	  u = NULL;
 	} else if (!rfc_casecmp(code, INVITE_NAME)) {
-	  strcpy(lasthand, code);
+	  strlcpy(lasthand, code, sizeof(lasthand));
 	  u = NULL;
         } else if (!rfc_casecmp(code, CHANS_NAME)) {
-          strcpy(lasthand, code);
+          strlcpy(lasthand, code, sizeof(lasthand));
           u = NULL;
         } else if (!rfc_casecmp(code, SET_NAME)) {
-          strcpy(lasthand, code);
+          strlcpy(lasthand, code, sizeof(lasthand));
           u = NULL;  
 	} else if (code[0] == '*') {
 	  lasthand[0] = 0;
@@ -881,14 +881,15 @@ int readuserfile(const char *file, struct userrec **ret)
               if (isbot)
                 fr.match |= FR_BOT;
 	      break_down_flags(attr, &fr, 0);
-	      strcpy(lasthand, code);
+	      strlcpy(lasthand, code, sizeof(lasthand));
 	      cst = NULL;
               
 	      if (strlen(code) > HANDLEN)
 		code[HANDLEN] = 0;
 	      if (strlen(pass) > 20) {	/* old style passwords */
 		putlog(LOG_MISC, "*", "* Corrupted password reset for '%s'", code);
-		strcpy(pass, "-");
+                pass[0] = '-';
+                pass[1] = 0;
 	      }
 	      bu = adduser(bu, code, 0, pass, sanity_check(fr.global, isbot), isbot);
 
@@ -962,7 +963,7 @@ void link_pref_val(struct userrec *u, char *val)
   if (!ba->hublevel || ba->hublevel == 999) {
     return;
   }
-  sprintf(val, "%02d%s", ba->hublevel, u->handle);
+  egg_snprintf(val, HANDLEN + 4, "%02d%s", ba->hublevel, u->handle);
 }
 
 /*
@@ -973,7 +974,7 @@ void link_pref_val(struct userrec *u, char *val)
 */
 struct userrec *next_hub(struct userrec *current, char *lowval, char *highval)
 {
-  char thisval[NICKLEN + 4] = "", bestmatchval[NICKLEN + 4] = "z", bestallval[NICKLEN + 4] = "z";
+  char thisval[HANDLEN + 4] = "", bestmatchval[HANDLEN + 4] = "z", bestallval[HANDLEN + 4] = "z";
   struct userrec *cur = NULL, *bestmatch = NULL, *bestall = NULL;
 
   if (current)
@@ -988,12 +989,11 @@ struct userrec *next_hub(struct userrec *current, char *lowval, char *highval)
     if (cur->bot && (egg_strcasecmp(cur->handle, conf.bot->nick))) {
       link_pref_val(cur, thisval);
       if ((strcmp(thisval, lowval) < 0) && (strcmp(thisval, highval) > 0) &&(strcmp(thisval, bestmatchval) < 0)) {
-        strcpy(bestmatchval, thisval);
+        strlcpy(bestmatchval, thisval, sizeof(bestmatchval));
         bestmatch = cur;
       }
-      if ((strcmp(thisval, lowval) < 0)
-          && (strcmp(thisval, bestallval) < 0)) {
-        strcpy(bestallval, thisval);
+      if ((strcmp(thisval, lowval) < 0) && (strcmp(thisval, bestallval) < 0)) {
+        strlcpy(bestallval, thisval, sizeof(bestallval));
         bestall = cur;
       }
     }
@@ -1012,7 +1012,7 @@ void autolink_cycle_hub(char *start)
   tand_t *bot = NULL;
 
   link_pref_val(conf.bot->u, myval);
-  strcpy(bestval, myval);
+  strlcpy(bestval, myval, sizeof(bestval));
   for (int i = 0; i < dcc_total; i++) {
    if (dcc[i].type) {
     if (dcc[i].type == &DCC_BOT_NEW)
@@ -1046,7 +1046,7 @@ void autolink_cycle_hub(char *start)
 	    return;
 	  }
 	  if (strcmp(curval, bestval) < 0)
-	    strcpy(bestval, curval);
+	    strlcpy(bestval, curval, sizeof(bestval));
 	}
       }
     }
@@ -1071,7 +1071,7 @@ void autolink_cycle_hub(char *start)
       return;
     }
   } else
-    strcpy(curval, "0");
+    strlcpy(curval, "0", sizeof(curval));
 
   /* link to the (highlest level)/best hub */
   u = next_hub(u, bestval, curval);
@@ -1146,7 +1146,7 @@ void autolink_cycle_leaf(char *start)
     if ((dcc[i].type == &DCC_BOT_NEW) || (dcc[i].type == &DCC_FORK_BOT))
       return;
     if (dcc[i].type == &DCC_BOT) {
-      strcpy(curhub, dcc[i].nick);
+      strlcpy(curhub, dcc[i].nick, sizeof(curhub));
       break;
     }
    }
@@ -1190,7 +1190,7 @@ void autolink_cycle_leaf(char *start)
 	/* tried 3+ random hubs without success, wait for next regular interval call */
 	return;
       /* We need a random bot but *not* the last we tried */
-      strcpy(avoidbot, start);
+      strlcpy(avoidbot, start, sizeof(avoidbot));
     }
   }