Index: connect.c
===================================================================
RCS file: /usr/local/cvsrp/mars/connect.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 connect.c
--- connect.c	1999/06/04 09:37:54	1.1.1.4
+++ connect.c	1999/10/08 10:42:46
@@ -115,13 +115,13 @@
     strcpy(unixname, "Z/Z/Z/Z"); /*  */
     return(unixname);
   }
-  strcpy(unixname, (char*)nw_volumes[volume].unixname); /* first UNIXNAME VOLUME */
+  strmaxcpy(unixname, (char*)nw_volumes[volume].unixname, sizeof(unixname)-1); /* first UNIXNAME VOLUME */
 
   p  = pp = unixname+strlen(unixname);
-  strcpy(p,  (char*)nwpath->path);  /* now the path */
+  strmaxcpy(p, (char*)nwpath->path, (sizeof(unixname)-strlen(unixname)-1));  /* now the path */
   p += strlen((char*)nwpath->path);
   if ( (!(modus & 1)) && nwpath->fn[0])
-    strcpy(p, (char*)nwpath->fn);    /* and now fn  */
+    strmaxcpy(p, (char*)nwpath->fn, (sizeof(unixname)-strlen(unixname)-1));    /* and now fn  */
   else if ((modus & 2) && (*(p-1) == '/')) {
     if (p > unixname+1) *(--p) = '\0';
     else {
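Review bot: `p += strlen((char*)nwpath->path);` still advances p by the source length, so when the new bounded copy of the path truncates, p lands past the terminator and possibly past the end of unixname. The following `strmaxcpy(p, (char*)nwpath->fn, ...)` and the `*(p-1)` test then work outside the string. Advance by what was actually stored instead: `p += strlen(p);`. The same source-length offset survives in @@ -974 (`pp+pathlen`, where the size expression can also drop below zero) and in nwvolume.c @@ -341 (`fullname + homepathlen`, with homepathlen not checked against sizeof(fullname)). This assumes strmaxcpy(dst, src, n) stores at most n bytes plus a terminator, as the `sizeof(...)-1` arguments suggest; the function starts and ends outside the hunk.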
@@ -178,7 +178,7 @@
 
   /* init dir_handle */
   dh=&(dir_handles[rethandle-1]);
-  strcpy(dh->unixname, build_unix_name(nwpath, 0));
+  strmaxcpy(dh->unixname, build_unix_name(nwpath, 0), sizeof(dh->unixname)-1);
   dh->kpath         = dh->unixname + strlen(dh->unixname);
   if (dh->f) {
     closedir(dh->f);
@@ -394,8 +394,8 @@
   char volname[100];
   if (p->volume < 0 || p->volume >= used_nw_volumes) {
     sprintf(volname, "<%d=NOT-OK>", (int)p->volume);
-  } else strcpy(volname, (char*)nw_volumes[p->volume].sysname);
-  sprintf(nwpathname, "%s:%s%s", volname, p->path, p->fn);
+  } else strmaxcpy(volname, (char*)nw_volumes[p->volume].sysname, sizeof(volname)-1);
+  snprintf(nwpathname, sizeof(nwpathname), "%s:%s%s", volname, p->path, p->fn);
   return(nwpathname);
 }
 
@@ -522,10 +522,10 @@
   fs->attrib  = attrib;
   if (volume < 0 || volume >= used_nw_volumes) return(-1); /* something wrong */
   else  soptions = nw_volumes[volume].options;
-  strcpy((char*)entry,  (char*)nwpath->fn);
+  strmaxcpy((char*)entry, (char*)nwpath->fn, sizeof(entry)-1);
 
   nwpath->fn[0] = '\0';
-  strcpy(xkpath, build_unix_name(nwpath, 1|2));
+  strmaxcpy(xkpath, build_unix_name(nwpath, 1|2), sizeof(xkpath)-1);
 
   XDPRINTF((5,0,"func_search_entry attrib=0x%x path:%s:, xkpath:%s:, entry:%s:",
         attrib, nwpath->path, xkpath, entry));
@@ -554,12 +554,12 @@
                  || fn_dos_match(dname, entry, soptions)));
         if (okflag) {
           *kpath = '\0';
-          strcpy(kpath, (char*)name);
+          strmaxcpy(kpath, (char*)name, sizeof(xkpath)-strlen(xkpath)-1);
           if (!s_stat(xkpath, &(fs->statb), NULL)) {
             okflag = (  ( ( (fs->statb.st_mode & S_IFMT) == S_IFDIR) &&  (attrib & 0x10))
                   ||    ( ( (fs->statb.st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10)));
             if (okflag){
-              strcpy((char*)nwpath->fn, (char*)dname);
+              strmaxcpy((char*)nwpath->fn, (char*)dname, sizeof(nwpath->fn)-1);
               XDPRINTF((5,0,"FOUND=:%s: attrib=0x%x", nwpath->fn, fs->statb.st_mode));
               result = (*fs_func)(nwpath, fs);
               if (result < 0) break;
@@ -592,9 +592,9 @@
   int            akt_sequence=0;
   if (volume < 0 || volume >= used_nw_volumes) return(-0x98); /* something wrong */
   else  soptions = nw_volumes[volume].options;
-  strcpy((char*)entry,  (char*)nwpath->fn);
+  strmaxcpy((char*)entry,  (char*)nwpath->fn, sizeof(entry)-1);
   nwpath->fn[0] = '\0';
-  strcpy(xkpath, build_unix_name(nwpath, 1|2));
+  strmaxcpy(xkpath, build_unix_name(nwpath, 1|2), sizeof(xkpath)-1);
   XDPRINTF((5,0,"get_dir_entry attrib=0x%x path:%s:, xkpath:%s:, entry:%s:",
                           attrib, nwpath->path, xkpath, entry));
 
@@ -632,7 +632,7 @@
                  || fn_dos_match(dname, entry, soptions)))) ? 0 : -0xff;
         if (!okflag) {
           *kpath = '\0';
-          strcpy(kpath, (char*)name);
+          strmaxcpy(kpath, (char*)name, sizeof(xkpath)-strlen(xkpath)-1);
           if (!s_stat(xkpath, statb, NULL)) {
             okflag = ((  ( ( (statb->st_mode & S_IFMT) == S_IFDIR) &&  (attrib & 0x10))
                   ||    ( ( (statb->st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10))))
@@ -641,7 +641,7 @@
               if (soptions & VOL_OPTION_IS_PIPE)  {
                 statb->st_size  = 0x70000000|(statb->st_mtime&0xfffffff);
               }
-              strcpy((char*)nwpath->fn, (char*)dname);
+              strmaxcpy((char*)nwpath->fn, (char*)dname, sizeof(nwpath->fn)-1);
               XDPRINTF((5,0,"FOUND=:%s: attrib=0x%x", nwpath->fn, statb->st_mode));
               break; /* ready */
             }
@@ -682,7 +682,8 @@
                         int    *sequence,
                         int    attrib,
                         char   *unixname,
-                        struct stat *statb)
+                        struct stat *statb,
+			int len)
 
 /* returns 1 if OK and 0 if not OK */
 {
@@ -728,7 +729,7 @@
                  || fn_dos_match(dname, entry, dh->vol_options)));
 
         if (okflag) {
-          strcpy(dh->kpath, (char*)name);
+          strmaxcpy(dh->kpath, (char*)name, sizeof(dh->unixname)- (dh->kpath - dh->unixname) - 1);
           XDPRINTF((5,0,"get_dh_entry Name=%s unixname=%s",
                                   name, dh->unixname));
 
@@ -737,8 +738,8 @@
                      || (((statb->st_mode & S_IFMT) != S_IFDIR) && !(attrib & 0x10)));
             if (okflag){
               if (unixname)
-                strcpy(unixname, dh->unixname);
-              strcpy((char*)search, (char*)dname);
+                strmaxcpy(unixname, dh->unixname, sizeof(dh->unixname)-1);
+              strmaxcpy((char*)search, (char*)dname, len-1);
               break; /* ready */
             }
           } else okflag = 0;
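Review bot: `strmaxcpy(unixname, dh->unixname, sizeof(dh->unixname)-1);` is bounded by the size of the source field, not by the caller's `unixname` buffer, so it protects no better than the strcpy it replaces unless every caller's buffer is at least as large as dh->unixname. The `len` parameter added in @@ -682 is used only for `search`; a second capacity argument would be needed to bound this copy. Failing that, state the contract on the signature, e.g. `/* unixname, if not NULL, must hold sizeof(dh->unixname) bytes; len is the size of search */`. The function begins and ends outside this hunk.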
@@ -758,7 +759,8 @@
                          uint8 *fn,
                          int   *has_wild,
                          uint8 *data,
-                         int   len)
+                         int   len,
+			 int   lenn)
 
 /* is called from build_path  */
 {
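Review bot: The new parameter `lenn` sits beside `len` with nothing saying which buffer each one measures; judging by the call in @@ -816, `len` is the length of `data` and `lenn` is `sizeof(path->fn)`. A descriptive name, or a comment on the signature such as `/* lenn: size of the fn buffer in bytes, including the terminator */`, would keep a later caller from passing the wrong value. The added line is also indented with tabs where the neighbouring parameters use spaces. The same `lenn` naming is introduced for conn_get_full_path in @@ -1008 and connect.h.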
@@ -790,10 +792,10 @@
    *p1 = '\0';
    if (fn != NULL) {  /* if with filename     */
      if (p != NULL){  /* exist directory-path  */
-       strcpy((char*)fn, (char*)p);
+       strmaxcpy((char*)fn, (char*)p, lenn-1);
        *p = '\0';
      } else {         /* only filename */
-       strcpy((char*)fn, (char*)path);
+       strmaxcpy((char*)fn, (char*)path, lenn-1);
        *path= '\0';
      }
    }
@@ -816,7 +818,7 @@
                      (only_dir) ? (uint8)NULL
                                 : path->fn,
                      &(path->has_wild),
-                     data, len);
+                     data, len, sizeof(path->fn));
 
   path->volume = -1;
   if (only_dir) path->fn[0] = '\0';
@@ -879,7 +881,7 @@
    uint8      *ppp=nwpath->path;
    int        completition=0;
 
-   strcpy((char*)searchpath, (char*)ppp);  /* save path */
+   strmaxcpy((char*)searchpath, (char*)ppp, sizeof(searchpath)-1);  /* save path */
 
    if (nwpath->volume > -1) { /* absolute path */
      *ppp= '\0';
@@ -892,7 +894,7 @@
          *ppp = '\0';
        } else { /* get path from dir_handle */
          NW_VOL *v = &nw_volumes[nwpath->volume];
-         strcpy((char*)ppp, (char*)dirs[dir_handle].path);
+         strmaxcpy((char*)ppp, (char*)dirs[dir_handle].path, sizeof(nwpath->path)-1);
          if (v->options & VOL_OPTION_IGNCASE)
             ppp += strlen(ppp);
        }
@@ -974,9 +976,9 @@
          int   pathlen = strlen(nwpath->path);
          int   fnlen   = strlen(nwpath->fn);
          memcpy(unixname, v->unixname, v->unixnamlen);
-         strcpy(pp, nwpath->path);
+         strmaxcpy(pp, nwpath->path, sizeof(unixname)-v->unixnamlen-1);
          if (fnlen)
-           strcpy(pp+pathlen, nwpath->fn);
+           strmaxcpy(pp+pathlen, nwpath->fn, sizeof(unixname)-v->unixnamlen-pathlen-1);
          dos2unixcharset(pp);
          pp      += offset;
          pathlen -= offset;
@@ -1008,7 +1010,7 @@
 }
 
 int conn_get_full_path(int dirhandle, uint8 *data, int len,
-                       uint8 *fullpath)
+                       uint8 *fullpath, int lenn)
 /* returns path in form VOLUME:PATH */
 {
   NW_PATH nwpath;
@@ -1023,7 +1025,7 @@
        nw_volumes[nwpath.volume].sysname, p);
     if (nwpath.fn[0]) {
       if (*p) fullpath[len++]='/';
-      strcpy(fullpath+len, nwpath.fn);
+      strmaxcpy(fullpath+len, nwpath.fn, lenn-len-1);
     }
     result=len+strlen(nwpath.fn);
   }
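Review bot: `result=len+strlen(nwpath.fn);` still reports the untruncated length, so when `strmaxcpy(fullpath+len, nwpath.fn, lenn-len-1)` cuts the name short the caller receives a length larger than what `fullpath` holds (nwconn.c @@ -1129 uses the result to compute `diffsize`). The store `fullpath[len++]='/'` also ignores `lenn`, and the call whose arguments end at the top of this hunk presumably formats into `fullpath` without a bound as well. Either reject the request when `len + 1 + strlen(nwpath.fn) >= lenn`, or at least compute `result=len+strlen(fullpath+len);`. The function starts and ends outside this hunk.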
@@ -1046,7 +1048,7 @@
      completition = build_dir_name(&nwpath, &stbuff, dirhandle);
   if (completition > -1) {
     if (unixname)
-      strcpy(unixname, build_unix_name(&nwpath, 0));
+      strmaxcpy(unixname, build_unix_name(&nwpath, 0), 299);
     completition=nwpath.volume;
   }
   XDPRINTF((5, 0, "conn_get_kpl_unxname: completition=0x%x", completition));
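Review bot: The literal `299` hard-codes the assumption that every caller of conn_get_kpl_unxname passes a buffer of at least 300 bytes; nothing in the signature enforces that, and other hunks in this file use 256- and 257-byte path buffers. Passing the capacity in, as was done for conn_get_full_path (`uint8 *fullpath, int lenn`), would remove the assumption. At minimum add `/* unixname must be at least 300 bytes */` at the definition and at the prototype in connect.h. The callers are not part of this diff, so their buffer sizes cannot be checked from here.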
@@ -1149,7 +1151,7 @@
 static int do_delete_file(NW_PATH *nwpath, FUNC_SEARCH *fs)
 {
   char           unname[256];
-  strcpy(unname, build_unix_name(nwpath, 0));
+  strmaxcpy(unname, build_unix_name(nwpath, 0), sizeof(unname)-1);
   XDPRINTF((5,0,"DELETE FILE unname:%s:", unname));
   return(nw_unlink_node(nwpath->volume, unname, &(fs->statb)));
 }
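Review bot: Truncating silently changes which file is operated on: `unname` is 256 bytes while other callers of build_unix_name in this file use 300-byte buffers (e.g. @@ -1999), so a longer name is cut to 255 bytes and `nw_unlink_node` is then asked to delete whatever that shorter path names. An over-long name should fail the request rather than be shortened, e.g. `char *u = build_unix_name(nwpath, 0); if (strlen(u) >= sizeof(unname)) return(-0x9c);` (-0x9c is what other hunks return for a bad path; confirm the right code). The same applies to the 256-byte `qfn`, `zpath`, `unziel` and `unname` buffers in @@ -1362, @@ -1378, @@ -1667, @@ -1694 and @@ -1727, which feed rename, create and remove operations.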
@@ -1362,12 +1364,12 @@
 
   if (completition > -1) {
     char qfn[256];
-    strcpy(qfn, build_unix_name(&quellpath,0));
+    strmaxcpy(qfn, build_unix_name(&quellpath,0), sizeof(qfn)-1);
     completition=conn_get_kpl_path(&zielpath, &zstbuff, zdirhandle, z, zlen, 0);
     if (completition > -1) {
       char zpath[256];
       completition=0;
-      strcpy(zpath, build_unix_name(&zielpath, 1));
+      strmaxcpy(zpath, build_unix_name(&zielpath, 1), sizeof(zpath)-1);
       if (stat(qfn, &qstbuff) || 
         tru_eff_rights_exists(quellpath.volume, qfn, &qstbuff, 
            TRUSTEE_W|TRUSTEE_M|TRUSTEE_R))
@@ -1378,7 +1380,7 @@
     }
     if (!completition){
       char unziel[256];
-      strcpy(unziel, build_unix_name(&zielpath,0));
+      strmaxcpy(unziel, build_unix_name(&zielpath,0), sizeof(unziel)-1);
       
       seteuid(0);
       if (entry8_flags & 0x4)  /* new: 20-Nov-96 */
@@ -1407,7 +1409,7 @@
   NW_FILE_INFO *f=(NW_FILE_INFO*)fs->ubuf;
   int voloptions = get_volume_options(nwpath->volume);
   struct stat statb;
-  strcpy(unname, build_unix_name(nwpath, 0));
+  strmaxcpy(unname, build_unix_name(nwpath, 0), sizeof(unname)-1);
   if (!stat(unname, &statb)) {
     if (S_ISFIFO(statb.st_mode) || (voloptions&VOL_OPTION_IS_PIPE))
       return(0); /* do nothing but report OK */
@@ -1492,7 +1494,7 @@
   }
   if (completition < 0) return(completition);
   voloptions=get_volume_options(nwpath.volume);
-  strcpy(unname, build_unix_name(&nwpath, 2));
+  strmaxcpy(unname, build_unix_name(&nwpath, 2), sizeof(unname)-1);
   XDPRINTF((5,0,"set file attrib 0x%x, unname:%s:", newattrib,  unname));
 
   if (!s_stat(unname, &stbuff, &stb)){
@@ -1558,7 +1560,7 @@
   struct stat stb;
   uint8 path[260];
   uint8 *p=path+strlen(unname);
-  strcpy(path, unname);
+  strmaxcpy(path, unname, sizeof(path)-1);
   while (p > path && *p != '/') --p;
   if (p > path) {
     *p='\0';
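Review bot: `p` is initialised as `path+strlen(unname)` before the copy, so bounding the copy does not bound `p`. If unname is longer than 259 bytes, p points past the end of `path[260]` and the `while (p > path && *p != '/')` scan starts outside the buffer. Declare p without the initialiser and set it after the copy from what was stored: `p = path+strlen((char*)path);`. The rest of the function is outside the hunk.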
@@ -1667,7 +1669,7 @@
                     dir_handle, data, len, (mode) ? 0 : 1 );
   if (completition > -1) {
     char unname[256];
-    strcpy(unname, build_unix_name(&nwpath, 2));
+    strmaxcpy(unname, build_unix_name(&nwpath, 2), sizeof(unname)-1);
     if (mode) {
       completition=nw_creat_node(nwpath.volume, unname, 1);
     } else { /* rmdir */
@@ -1694,7 +1696,7 @@
     char zpath[256];
     struct stat zstbuff;
     completition = 0;
-    strcpy(qfn, build_unix_name(&quellpath,0));
+    strmaxcpy(qfn, build_unix_name(&quellpath,0), sizeof(qfn)-1);
     memcpy(&zielpath, &quellpath, sizeof(NW_PATH));
     strmaxcpy(zielpath.fn, destdata, destdatalen);
     
@@ -1714,7 +1716,7 @@
      */
 #endif
     
-    strcpy(zpath, build_unix_name(&zielpath, 1));
+    strmaxcpy(zpath, build_unix_name(&zielpath, 1), sizeof(zpath)-1);
     if (stat(qfn, &qstbuff) || 
         tru_eff_rights_exists(quellpath.volume, qfn, &qstbuff, 
            TRUSTEE_W|TRUSTEE_M|TRUSTEE_R))
@@ -1727,7 +1729,7 @@
     if (completition > -1){
       int result;
       char unziel[256];
-      strcpy(unziel,   build_unix_name(&zielpath,  0));
+      strmaxcpy(unziel, build_unix_name(&zielpath, 0), sizeof(unziel)-1);
       
       seteuid(0);
       result = unx_mvdir((uint8 *)qfn, (uint8 *)unziel);
@@ -1815,7 +1817,7 @@
     NW_DIR *d    = &(dirs[0]);
     int namspace_max_baseh=0;
     int namspace_max_searchh=0;
-    strcpy((char*)nwlogin.path, (char*)login);
+    strmaxcpy((char*)nwlogin.path, (char*)login, sizeof(nwlogin.path)-1);
     nwlogin.fn[0]   = '\0';
     nwlogin.volume  = 0;
 
@@ -1850,7 +1852,7 @@
         entry8_flags = hextoi((char*)buff);
       } else if (what == 9) { /* umode */
         uint8 buf1[300], buf2[300];
-        if (2 == sscanf((char*)buff, "%s %s", buf1, buf2)) {
+        if (2 == sscanf((char*)buff, "%300s %300s", buf1, buf2)) {
           default_umode_dir  = octtoi(buf1);
           default_umode_file = octtoi(buf2);
         }
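Review bot: `%300s` stores up to 300 characters plus a terminating NUL, i.e. 301 bytes, into `buf1[300]` and `buf2[300]`, so the field width still permits a one-byte overflow; the format should be `"%299s %299s"`. The same off-by-one is in nwserv.c @@ -851 (`%500s` into `inhalt4[500]`, which needs `%499s`) and nwvolume.c @@ -144 (`%256s` into `umode_filestr[256]`, which needs `%255s`). The other destination arrays of those two sscanf calls are declared outside the hunks and should be checked against their widths too.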
@@ -1999,7 +2001,7 @@
                         &stbuff);
       if (!completition) {
          char unixname[300];
-         strcpy(unixname, build_unix_name(&nwpath, 0));
+         strmaxcpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1);
          if ( S_ISDIR(stbuff.st_mode) ) {
            get_dir_attrib((NW_DIR_INFO*)info, unixname, &stbuff,
                    &nwpath);
@@ -2056,7 +2058,7 @@
                       &searchsequence,
                       search_attrib,
                       unixname,
-                      &stbuff)){
+                      &stbuff, sizeof(nwpath.fn))){
 
        if ( S_ISDIR(stbuff.st_mode) ) {
          get_dir_attrib((NW_DIR_INFO*)info, unixname,  &stbuff,
@@ -2086,7 +2088,7 @@
    int inode=conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 1);
    if (inode > -1) {
      uint8   unixname[257];
-     strcpy(unixname, build_unix_name(&nwpath, 0));
+     strmaxcpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1);
      inode = insert_new_dir(&nwpath, stbuff.st_dev, stbuff.st_ino,
                            driveletter, is_temphandle, task);
      *eff_rights=tru_get_eff_rights(nwpath.volume, unixname, &stbuff);
@@ -2225,7 +2227,7 @@
   int completition = conn_get_kpl_path(&nwpath, &stbuff, 
                                dir_handle, data, len, 0);
   if (completition < 0) return(completition);
-  strcpy(unname, build_unix_name(&nwpath, 0));
+  strmaxcpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1);
   if (s_stat(unname, &stbuff, NULL) ||
     (!modus && !S_ISDIR(stbuff.st_mode)) ) {
     completition = -0x9c;
@@ -2248,7 +2250,7 @@
   int completition = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0);
   if (completition > -1) {
      char unixname[300];
-     strcpy(unixname, build_unix_name(&nwpath, 0));
+     strmaxcpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1);
      completition=file_creat_open(nwpath.volume, (uint8*)unixname,
                       &stbuff, attrib, access, creatmode, task);
 
@@ -2283,7 +2285,7 @@
       up_fn(wild);
     }
 
-    strcpy((char*)dirname, (char*)wild);
+    strmaxcpy((char*)dirname, (char*)wild, sizeof(dirname)-1);
     XDPRINTF((5,0,"SCAN_DIR: rights = 0x%x, subnr = %d",
                 (int)rights, (int)GET_BE16(subnr)));
 
@@ -2294,7 +2296,7 @@
                             &searchsequence,
                             0x10,
                             unixname,
-                            &stbuff) ) {
+                            &stbuff, sizeof(dirname)) ) {
 
         XDPRINTF((5,0,"SCAN_DIR: von %s, found %s:", dh->unixname, dirname));
         if (++aktsequence == dirsequence) { /* actual found */
@@ -2306,7 +2308,7 @@
           un_time_2_nw(stbuff.st_mtime, subdatetime+2, 1);
           return(tru_get_inherited_mask(volume, unixname, &stbuff));
         }
-        strcpy((char*)dirname, (char*)wild);
+        strmaxcpy((char*)dirname, (char*)wild, sizeof(dirname)-1);
       } /* while */
     } else {
       *(dh->kpath)   = '.';
@@ -2427,7 +2429,7 @@
      if (!completition) {
        char unixname[300];
        NW_SCAN_DIR_INFO *scif = (NW_SCAN_DIR_INFO*)rdata;
-       strcpy(unixname, build_unix_name(&nwpath, 0));
+       strmaxcpy(unixname, build_unix_name(&nwpath, 0), sizeof(unixname)-1);
        memset(rdata, 0, sizeof(NW_SCAN_DIR_INFO));
        U32_TO_BE32((uint32)searchsequence, scif->searchsequence);
 
@@ -2459,7 +2461,7 @@
     nwpath.path, nwpath.fn, completition));
   if (completition > -1) {
     char unixname[300];
-    strcpy(unixname, build_unix_name(&nwpath, 2));
+    strmaxcpy(unixname, build_unix_name(&nwpath, 2), sizeof(unixname)-1);
     if (!s_stat(unixname, &stbuff, NULL)) {
       NW_DOS_DIR_INFO  *d=(NW_DOS_DIR_INFO*)rdata;
       memset(rdata, 0, sizeof(NW_DOS_DIR_INFO));
@@ -2491,7 +2493,7 @@
      if (!completition) {
        char unixname[300];
        uint32 change_mask=GET_32(f->change_bits);
-       strcpy(unixname,build_unix_name(&nwpath, 0));
+       strmaxcpy(unixname,build_unix_name(&nwpath, 0), sizeof(unixname)-1);
        if (change_mask & 0x2) {
          completition=set_nw_attrib_dword(nwpath.volume, unixname, &stbuff, 
             GET_32(f->u.f.attributes));
@@ -2610,7 +2612,7 @@
   NW_PATH       nwpath;
   int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0);
   if (result < 0) return(result);
-  strcpy(unname, build_unix_name(&nwpath, 0));
+  strmaxcpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1);
   if (s_stat(unname, &stbuff, NULL) ||
     (!extended && !S_ISDIR(stbuff.st_mode)) ) {
     result = -0x9c;
@@ -2634,7 +2636,7 @@
   NW_PATH       nwpath;
   int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len, 0);
   if (result < 0) return(result);
-  strcpy(unname, build_unix_name(&nwpath, 0));
+  strmaxcpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1);
   if (s_stat(unname, &stbuff, NULL) ||
     (!extended && !S_ISDIR(stbuff.st_mode)) ) {
     result = -0x9c;
@@ -2653,7 +2655,7 @@
   NW_PATH       nwpath;
   int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, data, len,0);
   if (result < 0) return(result);
-  strcpy(unname, build_unix_name(&nwpath, 0));
+  strmaxcpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1);
   if (s_stat(unname, &stbuff, NULL) || !S_ISDIR(stbuff.st_mode)) {
     result = -0x9c;
   } else {
@@ -2695,7 +2697,7 @@
   int result = conn_get_kpl_path(&nwpath, &stbuff, dir_handle, path, len,
                      (extended) ? 0 : 1);
   if (result < 0) return(result);
-  strcpy(unname, build_unix_name(&nwpath, 0));
+  strmaxcpy(unname, build_unix_name(&nwpath, 0), sizeof(unname)-1);
   if (s_stat(unname, &stbuff, NULL) ||
     (!extended && !S_ISDIR(stbuff.st_mode)) ) {
     result = -0x9c;
Index: connect.h
===================================================================
RCS file: /usr/local/cvsrp/mars/connect.h,v
retrieving revision 1.1.1.2
retrieving revision 1.2
diff -u -r1.1.1.2 -r1.2
--- connect.h	1999/06/04 09:37:55	1.1.1.2
+++ connect.h	1999/09/27 07:51:48	1.2
@@ -210,7 +210,7 @@
 extern int     entry8_flags; /* special flags, see examples nw.ini, entry 8 */
 
 extern int conn_get_full_path(int dirhandle, uint8 *data, int len,
-                          uint8 *fullpath);
+                          uint8 *fullpath, int lenn);
 
 extern int conn_get_kpl_unxname(char *unixname,
                          int dirhandle,
Index: nameos2.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nameos2.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 nameos2.c
--- nameos2.c	1999/01/28 06:21:36	1.1.1.1
+++ nameos2.c	1999/10/08 10:42:46
@@ -116,7 +116,7 @@
 }
 #endif
 
-void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp)
+void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp, int len)
 {
 #if MAX_NAME_OS2_CACHE
   int     k           = -1;
@@ -149,7 +149,7 @@
       new_str(b->cache[0], pp);
     }
   } else {
-    strcpy(pp, b->cache[besthit]);
+    strmaxcpy(pp, b->cache[besthit], len-1);
     if (besthit > 2) {
       uint8 *sp=b->cache[besthit];
       while (besthit--) {
Index: nameos2.h
===================================================================
RCS file: /usr/local/cvsrp/mars/nameos2.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- nameos2.h	1999/01/28 06:21:36	1.1.1.1
+++ nameos2.h	1999/09/27 07:51:48	1.2
@@ -7,7 +7,7 @@
 #define _NAMEOS2_H_
 #if WITH_NAME_SPACE_CALLS
 
-extern void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp);
+extern void mangle_os2_name(NW_VOL *vol, uint8 *unixname, uint8 *pp, int len);
 extern int fn_os2_match(uint8 *s, uint8 *p, int soptions);
 
 #endif
Index: namspace.c
===================================================================
RCS file: /usr/local/cvsrp/mars/namspace.c,v
retrieving revision 1.1.1.3
retrieving revision 1.2
diff -u -r1.1.1.3 -r1.2
--- namspace.c	1999/06/04 09:37:56	1.1.1.3
+++ namspace.c	1999/09/27 07:51:48	1.2
@@ -617,7 +617,7 @@
         if (nwpath->namespace == NAME_OS2) {
           dos2unixcharset(pp);
           pp+=npbeg;
-          mangle_os2_name(v, unixname, pp);
+          mangle_os2_name(v, unixname, pp, sizeof(unixname)-v->unixnamlen-npbeg);
           if (nplen > 0) {
             unix2doscharset(pp);
             memcpy(nwpath->path+npbeg, pp, nplen);
Index: nwattrib.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwattrib.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- nwattrib.c	1999/01/28 06:21:36	1.1.1.1
+++ nwattrib.c	1999/09/27 07:51:48	1.2
@@ -33,7 +33,7 @@
   int    l;
   uint8  buf_uc[4];
   U32_TO_BE32(inode, buf_uc);
-  l=sprintf(buf, "%s/%x/%x/%x/%x", path_attributes,
+  l=snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x", path_attributes,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
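Review bot: `l` now receives snprintf's return value, which on truncation is the length the complete string would have had rather than the number of bytes stored, so it can be >= sizeof(buf). Its use lies after this hunk, but trustee.c @@ -438 and @@ -458 show the risk: there `l` feeds `sizeof(buf)-l-1`, which wraps to a huge unsigned value once l reaches sizeof(buf). Each call whose result is kept (`l=` here and in trustee.c @@ -306 and @@ -438, `len=` in @@ -380) should be followed by a check such as `if (l < 0 || l >= (int)sizeof(buf))` that fails the operation. This assumes `buf` is an array in each function, as it visibly is in @@ -52; where it is a pointer, `sizeof(buf)` is only the pointer size.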
@@ -52,7 +52,7 @@
   char   buf[255];
   uint8  buf_uc[4];
   U32_TO_BE32(inode, buf_uc);
-  sprintf(buf, "%s/%x/%x/%x/%x/%x", path_attributes,
+  snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x/%x", path_attributes,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -71,7 +71,7 @@
   int    l;
   uint8  buf_uc[4];
   U32_TO_BE32(inode, buf_uc);
-  sprintf(buf, "%s/%x/%x/%x/%x/%x", path_attributes,
+  snprintf(buf, sizeof(buf), "%s/%x/%x/%x/%x/%x", path_attributes,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
Index: nwbind.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwbind.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 nwbind.c
--- nwbind.c	1999/06/04 09:37:58	1.1.1.4
+++ nwbind.c	1999/10/08 10:42:46
@@ -416,7 +416,7 @@
                      } *xdata = (struct XDATA*) responsedata;
                      int k, i, h;
                      memset(xdata, 0, sizeof(struct XDATA));
-                     strcpy(xdata->servername, my_nwname);
+                     strmaxcpy(xdata->servername, my_nwname, sizeof(xdata->servername)-1);
                      if (!tells_server_version) {
                        xdata->version    =  2;
                        xdata->subversion = 15;
Index: nwconn.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwconn.c,v
retrieving revision 1.1.1.4
retrieving revision 1.2
diff -u -r1.1.1.4 -r1.2
--- nwconn.c	1999/06/04 09:37:59	1.1.1.4
+++ nwconn.c	1999/09/27 07:51:48	1.2
@@ -1129,7 +1129,7 @@
                uint8  *path      = rdata+3+q_name_len+2;
                uint8  new_path[257];
                int result        = conn_get_full_path(*dirhandle,
-                                    path, pathlen, new_path);
+                                    path, pathlen, new_path, sizeof(new_path));
                if (result > -1) {
                  int diffsize = result - pathlen;
                  *dirhandle   = 0;
Index: nwdbm.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwdbm.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 nwdbm.c
--- nwdbm.c	1999/03/07 09:02:42	1.1.1.3
+++ nwdbm.c	1999/10/08 10:42:46
@@ -2362,7 +2362,7 @@
                 pp=directory;
                 state++;
               } else if (state==3) {
-                strcpy(command, p-1);
+                strmaxcpy(command, p-1, sizeof(command)-1);
                 break;
               }
             }
Index: nwfile.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwfile.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 nwfile.c
--- nwfile.c	1999/06/04 09:38:00	1.1.1.3
+++ nwfile.c	1999/10/08 10:42:46
@@ -100,7 +100,7 @@
   fh->st_ino  = 0;
   fh->access  = 0;
   fh->inuse   = 0;
-  strcpy((char*)fh->fname, (char*)unixname);
+  strmaxcpy((char*)fh->fname, (char*)unixname, sizeof(fh->fname)-1);
   fh->fh_flags   = 0;
   fh->f       = NULL;
   fh->volume  = volume;
@@ -699,7 +699,7 @@
 {
   if (NULL == fh->f) {
     char pipecommand[512];
-    sprintf(pipecommand, "%s %s %d %d",
+    snprintf(pipecommand, sizeof(pipecommand), "%s %s %d %d",
                         fh->fname,
                         dowrite ? "WRITE" : "READ",
                         act_connection, act_pid);
Index: nwqconn.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwqconn.c,v
retrieving revision 1.1.1.2
retrieving revision 1.2
diff -u -r1.1.1.2 -r1.2
--- nwqconn.c	1999/01/28 06:24:10	1.1.1.2
+++ nwqconn.c	1999/09/27 07:51:49	1.2
@@ -212,7 +212,7 @@
         FILE *f=NULL;
         if (prc_len && *(prc+prc_len-1)=='!'){
           strmaxcpy((uint8*)buff, prc, prc_len-1);
-          sprintf(printcommand, "%s %s %s", buff,
+          snprintf(printcommand, sizeof(printcommand), "%s %s %s", buff,
              qpa.banner_user_name, qpa.banner_file_name);
         } else
           strmaxcpy((uint8*)printcommand, prc, prc_len);
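Review bot: The two strmaxcpy calls left unchanged in this hunk, `strmaxcpy((uint8*)buff, prc, prc_len-1)` and `strmaxcpy((uint8*)printcommand, prc, prc_len)`, are still limited by the source length `prc_len` rather than by the size of their destination, so the snprintf change covers only one of the three writes. Where prc_len comes from is outside the hunk; unless it is already checked against both buffers, clamp it before use, e.g. `if (prc_len > (int)sizeof(printcommand)-1) prc_len = sizeof(printcommand)-1;`, and likewise for `buff`. The snprintf return value is also not checked, so a truncated print command would go unnoticed.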
Index: nwserv.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwserv.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 nwserv.c
--- nwserv.c	1999/01/28 06:24:12	1.1.1.2
+++ nwserv.c	1999/10/08 10:42:47
@@ -851,7 +851,7 @@
       char inhalt4[500];
       char dummy;
       int  anz;
-      if ((anz=sscanf((char*)buff, "%s %s %s %s", inhalt, inhalt2,
+      if ((anz=sscanf((char*)buff, "%500s %500s %500s %500s", inhalt, inhalt2,
                                                 inhalt3, inhalt4)) >  0) {
          switch (what) {
            case 2 : if (full) {
@@ -1287,7 +1287,7 @@
               int    frame=-1;
               uint32 netnum=0L;
               char buf[256];
-              strcpy(buf, argv[j+2]);
+              strmaxcpy(buf, argv[j+2], sizeof(buf)-1);
               upstr(buf);
               if (!strcmp(buf, "802.3"))
                 frame=IPX_FRAME_8023;
Index: nwvolume.c
===================================================================
RCS file: /usr/local/cvsrp/mars/nwvolume.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 nwvolume.c
--- nwvolume.c	1999/01/28 06:24:13	1.1.1.2
+++ nwvolume.c	1999/10/08 10:42:47
@@ -144,7 +144,7 @@
       uint8 umode_filestr[256];
       uint8 *p;
       int   len;
-      int   founds = sscanf((char*)buff, "%s %s %s %s %s",
+      int   founds = sscanf((char*)buff, "%256s %256s %256s %256s %256s",
                  sysname, unixname, optionstr, umode_dirstr, umode_filestr);
       if (founds > 1) {
         NW_VOL *vol=&(nw_volumes[used_nw_volumes]);
@@ -341,9 +341,9 @@
           flen = 0;
           fname = "";
         } else {
-          strcpy(fullname, unixname);
+          strmaxcpy(fullname, unixname, sizeof(fullname)-1);
           /* concatenation $HOME/ and add/on/ */
-          strcpy(fullname + homepathlen, nw_volumes[k].homeaddon);
+          strmaxcpy(fullname + homepathlen, nw_volumes[k].homeaddon, sizeof(fullname)-homepathlen-1);
           fname = fullname;
           flen = homepathlen + nw_volumes[k].addonlen;
         }
@@ -666,10 +666,10 @@
   uint8 trusteepath[500];
   uint8 *p;
   free_vol_trustee(v);
-  strcpy(trusteepath, path_trustees);
+  strmaxcpy(trusteepath, path_trustees, sizeof(trusteepath)-1);
   p=trusteepath+strlen(trusteepath);
   *p++='/';
-  strcpy(p, v->sysname);
+  strmaxcpy(p, v->sysname, sizeof(trusteepath)-strlen(p)-1);
   p+=strlen(v->sysname);
   *p++='/';
   *p='\0';
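Review bot: The bound `sizeof(trusteepath)-strlen(p)-1` measures the wrong thing: `p` points just past the `/` that overwrote the terminator, so `strlen(p)` reads bytes that have not been written yet and says nothing about the space left. The remaining space is `sizeof(trusteepath)-(p-trusteepath)-1`. The unconditional stores (`*p++='/'` twice and `*p='\0'`) and `p+=strlen(v->sysname)` are not bounded either, and the last of these advances by the source length. A single `snprintf(trusteepath, sizeof(trusteepath), "%s/%s/", path_trustees, v->sysname)` with its return value checked, followed by `p = trusteepath+strlen(trusteepath);`, would cover all of it. The function continues outside the hunk.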
Index: trustee.c
===================================================================
RCS file: /usr/local/cvsrp/mars/trustee.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 trustee.c
--- trustee.c	1999/01/28 06:24:14	1.1.1.2
+++ trustee.c	1999/10/08 10:42:47
@@ -283,7 +283,7 @@
   char   volname[100];
   if (nw_get_volume_name(volume, volname) < 1) return;
   U32_TO_BE32(inode, buf_uc);
-  sprintf(buf, "%s/%s/%x/%x/%x/%x/n.%x", path_trustees, volname,
+  snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/n.%x", path_trustees, volname,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -306,7 +306,7 @@
   char   volname[100];
   if (nw_get_volume_name(volume, volname) < 1) return(-0xff);
   U32_TO_BE32(inode, buf_uc);
-  l=sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname,
+  l=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -328,7 +328,7 @@
   char   volname[100];
   if (nw_get_volume_name(volume, volname) < 1) return(result);
   U32_TO_BE32(inode, buf_uc);
-  sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x/%x", path_trustees, volname,
+  snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x/%x", path_trustees, volname,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -351,7 +351,7 @@
   int    len;
   unsigned int sernum=0;
   if (nw_get_volume_name(volume, volname) < 1) return(-1);
-  sprintf(buf, "%s/%s/ts", path_trustees, volname);
+  snprintf(buf, sizeof(buf), "%s/%s/ts", path_trustees, volname);
   len=readlink(buf, buf1, sizeof(buf1)-1);
   if (len>0) {
     buf1[len]='\0';
@@ -380,7 +380,7 @@
   char   volname[100];
   if (nw_get_volume_name(volume, volname) < 1) return;
   U32_TO_BE32(inode, buf_uc);
-  len=sprintf(buf, "%s/%s/%x/%x/%x/%x/", path_trustees, volname,
+  len=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/", path_trustees, volname,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -438,7 +438,7 @@
   
   (void)nw_get_volume_name(volume, volname);
   
-  l=sprintf(buf, "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname,
+  l=snprintf(buf, sizeof(buf), "%s/%s/%x/%x/%x/%x/t.%x", path_trustees, volname,
             dev,
             (int) buf_uc[0],
             (int) buf_uc[1],
@@ -458,7 +458,7 @@
         int          len;
         unsigned int id;
         if (1 == sscanf(dirbuff->d_name, "%x", &id)) {
-          strcpy(p, dirbuff->d_name);
+          strmaxcpy(p, dirbuff->d_name, sizeof(buf)-l-1);
           len=readlink(buf, btrustee, 254);
           if (len > 0) {
             unsigned int utrustee=0;
Index: unxfile.c
===================================================================
RCS file: /usr/local/cvsrp/mars/unxfile.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 unxfile.c
--- unxfile.c	1999/01/28 06:24:15	1.1.1.2
+++ unxfile.c	1999/10/08 10:42:47
@@ -84,7 +84,7 @@
         (     dirbuff->d_name[0] != '.'
           || (dirbuff->d_name[1] != '\0' && 
              (dirbuff->d_name[1] != '.' || dirbuff->d_name[2] != '\0')))) {
-        strcpy(p, dirbuff->d_name);
+        strmaxcpy(p, dirbuff->d_name, len+300+len-1);
         if (unlink(buf) && unx_xrmdir(buf)) {
           errorp(1, "unx_xrmdir", "cannot remove '%s'", buf);
           break;
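Review bot: The bound `len+300+len-1` grows with `len` instead of shrinking by the offset of `p` inside `buf`, so it does not describe the space remaining at p and may exceed the whole buffer. The allocation of buf and the assignment of p are outside the hunk; if buf is `len+300` bytes and p sits after the directory name, the limit should be the buffer size minus `(p-buf)` minus 1. For example `strmaxcpy(p, dirbuff->d_name, bufsize-(p-buf)-1);`, where `bufsize` is a placeholder for whatever size buf was allocated with.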
@@ -105,7 +105,7 @@
   if (!stat(newname, &statb)) return(EEXIST);
   if (stat(oldname,  &statb)) return(-1);
   else if (!S_ISDIR(statb.st_mode)) return(-1);
-  sprintf(command, "mv %s %s 2>&1 >/dev/null" , oldname, newname);
+  snprintf(command, sizeof(command)-1, "mv %s %s 2>&1 >/dev/null" , oldname, newname);
   return(system(command));
 }
 #endif
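Review bot: `oldname` and `newname` are still pasted unquoted into a string handed to `system()`, so any shell metacharacter in a directory name is interpreted by the shell; bounding the buffer does not change that, and a truncated command line would run `mv` on different arguments than intended. For a move within one file system `return(rename(oldname, newname));` does the job without a shell; if cross-device moves must be kept, run mv through fork/execv with an explicit argument vector. The size argument should also be `sizeof(command)`, since snprintf already counts the terminator. If this is the unx_mvdir that connect.c @@ -1727 calls right after `seteuid(0)`, the shell runs with elevated privileges.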
