$OpenBSD: patch-bin_afppasswd_afppasswd_c,v 1.2 2007/10/25 18:57:32 steven Exp $
--- bin/afppasswd/afppasswd.c.orig	Thu Feb 10 02:23:07 2005
+++ bin/afppasswd/afppasswd.c	Thu Oct 25 20:30:05 2007
@@ -64,7 +64,7 @@
 #define HEXPASSWDLEN 16
 #define PASSWDLEN 8
 
-static char buf[MAXPATHLEN + 1];
+static char buf[MAXPATHLEN];
 
 /* if newpwd is null, convert buf from hex to binary. if newpwd isn't
  * null, convert newpwd to hex and save it in buf. */
@@ -117,7 +117,7 @@ static void convert_passwd(char *buf, char *newpwd, co
 /* this matches the code in uam_randnum.c */
 static int update_passwd(const char *path, const char *name, int flags)
 {
-  char password[PASSWDLEN + 1], *p, *passwd;
+  char password[PASSWDLEN], *p, *passwd;
   FILE *fp;
   off_t pos;
   int keyfd = -1, err = 0;
@@ -128,9 +128,9 @@ static int update_passwd(const char *path, const char 
   }
 
   /* open the key file if it exists */
-  strcpy(buf, path);
+  strlcpy(buf, path, sizeof(buf));
   if (strlen(path) < sizeof(buf) - 5) {
-    strcat(buf, ".key");
+    strlcat(buf, ".key", sizeof(buf));
     keyfd = open(buf, O_RDONLY);
   } 
 
@@ -154,8 +154,8 @@ static int update_passwd(const char *path, const char 
   }
 
   if (flags & OPT_ADDUSER) {
-    strcpy(buf, name);
-    strcat(buf, FORMAT);
+    strlcpy(buf, name, sizeof(buf));
+    strlcat(buf, FORMAT, sizeof(buf));
     p = strchr(buf, ':') + 1;
     fwrite(buf, strlen(buf), 1, fp);
   } else {
@@ -239,8 +239,8 @@ static int create_file(const char *path, uid_t minuid)
     /* a little paranoia */
     if (strlen(pwd->pw_name) + FORMAT_LEN > sizeof(buf) - 1)
       continue;
-    strcpy(buf, pwd->pw_name);
-    strcat(buf, FORMAT);
+    strlcpy(buf, pwd->pw_name, sizeof(buf));
+    strlcat(buf, FORMAT, sizeof(buf));
     len = strlen(buf);
     if (write(fd, buf, len) != len) {
       fprintf(stderr, "afppasswd: problem writing to %s: %s\n", path,
@@ -255,6 +255,22 @@ static int create_file(const char *path, uid_t minuid)
   return err;
 }
 
+void usage(void) {
+#ifdef USE_CRACKLIB
+    fprintf(stderr, "Usage: afppasswd [-acfn] [-u minuid] [-p path] [username]\n");
+#else /* USE_CRACKLIB */
+    fprintf(stderr, "Usage: afppasswd [-acf] [-u minuid] [-p path] [username]\n");
+#endif /* USE_CRACKLIB */
+    fprintf(stderr, "  -a        add a new user\n");
+    fprintf(stderr, "  -c        create and initialize password file or specific user\n");
+    fprintf(stderr, "  -f        force an action\n");
+#ifdef USE_CRACKLIB
+    fprintf(stderr, "  -n        disable cracklib checking of passwords\n");
+#endif /* USE_CRACKLIB */
+    fprintf(stderr, "  -u uid    minimum uid to use, defaults to 100\n");
+    fprintf(stderr, "  -p path   path to afppasswd file\n");
+    exit(-1);
+}
 
 int main(int argc, char **argv)
 {
@@ -270,16 +286,7 @@ int main(int argc, char **argv)
   flags = ((uid = getuid()) == 0) ? OPT_ISROOT : 0;
 
   if (((flags & OPT_ISROOT) == 0) && (argc > 1)) {
-    fprintf(stderr, "Usage: afppasswd [-acfn] [-u minuid] [-p path] [username]\n");
-    fprintf(stderr, "  -a        add a new user\n");
-    fprintf(stderr, "  -c        create and initialize password file or specific user\n");
-    fprintf(stderr, "  -f        force an action\n");
-#ifdef USE_CRACKLIB
-    fprintf(stderr, "  -n        disable cracklib checking of passwords\n");
-#endif /* USE_CRACKLIB */
-    fprintf(stderr, "  -u uid    minimum uid to use, defaults to 100\n");
-    fprintf(stderr, "  -p path   path to afppasswd file\n");
-    return -1;
+	  usage();
   }
 
   while ((i = getopt(argc, argv, OPTIONS)) != EOF) {
@@ -312,20 +319,7 @@ int main(int argc, char **argv)
   
   if (err || (optind + ((flags & OPT_CREATE) ? 0 : 
 			(flags & OPT_ISROOT)) != argc)) {
-#ifdef USE_CRACKLIB
-    fprintf(stderr, "Usage: afppasswd [-acfn] [-u minuid] [-p path] [username]\n");
-#else /* USE_CRACKLIB */
-    fprintf(stderr, "Usage: afppasswd [-acf] [-u minuid] [-p path] [username]\n");
-#endif /* USE_CRACKLIB */
-    fprintf(stderr, "  -a        add a new user\n");
-    fprintf(stderr, "  -c        create and initialize password file or specific user\n");
-    fprintf(stderr, "  -f        force an action\n");
-#ifdef USE_CRACKLIB
-    fprintf(stderr, "  -n        disable cracklib checking of passwords\n");
-#endif /* USE_CRACKLIB */
-    fprintf(stderr, "  -u uid    minimum uid to use, defaults to 100\n");
-    fprintf(stderr, "  -p path   path to afppasswd file\n");
-    return -1;
+	  usage();
   }
 
   i = stat(path, &st);
