String paranoia and security fixes from OpenBSD: prevent a remote buffer

overflow and remote syslog() exploits.

Obtained from:	OpenBSD

net/mopd/files/patch-device.c

@@ -0,0 +1,38 @@
+--- common/device.c	1996/09/21 13:49:16	1.1
++++ common/device.c	2000/02/20 17:45:33	1.4
+@@ -111,7 +113,8 @@
+ {
+ 	struct if_info *p, tmp;
+ 
+-	strcpy(tmp.if_name,ifname);
++	strncpy(tmp.if_name,ifname,sizeof(tmp.if_name) - 1);
++	tmp.if_name[sizeof(tmp.if_name) - 1] = 0;
+ 	tmp.iopen   = pfInit;
+ 	
+ 	switch (proto) {
+@@ -138,7 +141,8 @@
+ 		p->next = iflist;
+ 		iflist = p;
+ 
+-		strcpy(p->if_name,tmp.if_name);
++		strncpy(p->if_name,tmp.if_name, IFNAME_SIZE -1);
++		p->if_name[IFNAME_SIZE -1] = 0;
+ 		p->iopen   = tmp.iopen;
+ 		p->write   = pfWrite;
+ 		p->read    = tmp.read;
+@@ -185,12 +199,12 @@
+ 	if ((strlen(dev) == 2) &&
+ 	    (dev[0] == 'e') &&
+ 	    ((dev[1] == 'n') || (dev[1] == 't'))) {
+-		sprintf(interface,"ent%d\0",unit);
++		snprintf(interface,sizeof(interface),"ent%d\0",unit);
+ 	} else {
+-		sprintf(interface,"%s%d\0",dev,unit);
++		snprintf(interface,sizeof(interface),"%s%d\0",dev,unit);
+ 	}
+ #else
+-	sprintf(interface,"%s",ifname);
++	snprintf(interface,sizeof(interface),"%s",ifname);
+ #endif /* _AIX */
+ 
+ 	/* Ok, init it just once */

net/mopd/files/patch-pf-snit.c

@@ -0,0 +1,22 @@
+--- otherOS/pf-snit.c	1996/09/21 19:12:50	1.2
++++ otherOS/pf-snit.c	2000/02/20 17:45:34	1.3
+@@ -239,7 +239,8 @@
+ 	struct ifreq ifr;
+ 	int fd;
+ 	
+-	strcpy(ifr.ifr_name, interface);
++	strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
++	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+ 	
+ 	ifr.ifr_addr.sa_family = AF_UNSPEC;
+ 	bcopy(addr, ifr.ifr_addr.sa_data, 6);
+@@ -274,7 +275,8 @@
+ 	struct ifreq ifr;
+ 	int fd;
+ 	
+-	strcpy(ifr.ifr_name, interface);
++	strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
++	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+ 	
+ 	ifr.ifr_addr.sa_family = AF_UNSPEC;
+ 	bcopy(addr, ifr.ifr_addr.sa_data, 6);

net/mopd/files/patch-pf.c

@@ -0,0 +1,22 @@
+--- common/pf.c	1997/08/18 03:11:31	1.3
++++ common/pf.c	2000/02/20 17:45:33	1.4
+@@ -176,7 +176,8 @@
+ 	struct ifreq ifr;
+ 	int	fd;
+ 	
+-	strcpy(ifr.ifr_name, interface);
++	strncpy(ifr.ifr_name, interface,sizeof(ifr.ifr_name) - 1);
++	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+ 
+ 	ifr.ifr_addr.sa_family = AF_UNSPEC;
+ 	bcopy(addr, ifr.ifr_addr.sa_data, 6);
+@@ -211,7 +212,8 @@
+ 	struct ifreq ifr;
+ 	int	fd;
+ 	
+-	strcpy(ifr.ifr_name, interface);
++	strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) - 1);
++	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = 0;
+ 	
+ 	ifr.ifr_addr.sa_family = AF_UNSPEC;
+ 	bcopy(addr, ifr.ifr_addr.sa_data, 6);

net/mopd/files/patch-process.c

@@ -0,0 +1,81 @@
+--- mopd/process.c	1996/09/21 19:12:26	1.2
++++ mopd/process.c	2000/07/04 23:46:23	1.8
+@@ -267,7 +267,7 @@
+ 	dllist[slot].a_lseek   = 0;
+ 
+ 	dllist[slot].count     = 0;
+-	if (dllist[slot].dl_bsz >= 1492)
++	if ((dllist[slot].dl_bsz >= 1492) || (dllist[slot].dl_bsz == 0))
+ 		dllist[slot].dl_bsz = 1492;
+ 	if (dllist[slot].dl_bsz == 1030)	/* VS/uVAX 2000 needs this */
+ 		dllist[slot].dl_bsz = 1000;
+@@ -350,10 +350,10 @@
+ 		close(dllist[slot].ldfd);
+ 		dllist[slot].ldfd = 0;
+ 		dllist[slot].status = DL_STATUS_FREE;
+-		sprintf(line,
++		snprintf(line,sizeof(line),
+ 			"%x:%x:%x:%x:%x:%x Load completed",
+ 			dst[0],dst[1],dst[2],dst[3],dst[4],dst[5]);
+-		syslog(LOG_INFO, line);
++		syslog(LOG_INFO, "%s", line);
+ 		return;
+ 	}
+ 
+@@ -438,7 +438,7 @@
+ {
+ 	u_char  tmpc;
+ 	u_short moplen;
+-	u_char  pfile[17], mopcode;
++	u_char  pfile[129], mopcode;
+ 	char    filename[FILENAME_MAX];
+ 	char    line[100];
+ 	int     i,nfd,iindex;
+@@ -487,6 +487,8 @@
+ 		rpr_pgty = mopGetChar(pkt,index);	/* Program Type */
+ 		
+ 		tmpc = mopGetChar(pkt,index);		/* Software ID Len */
++		if (tmpc > sizeof(pfile) - 1)
++			return;
+ 		for (i = 0; i < tmpc; i++) {
+ 			pfile[i] = mopGetChar(pkt,index);
+ 			pfile[i+1] = '\0';
+@@ -513,31 +515,32 @@
+ 		bcopy((char *)src, (char *)(dl_rpr->eaddr), 6);
+ 		mopProcessInfo(pkt,index,moplen,dl_rpr,trans);
+ 
+-		sprintf(filename,"%s/%s.SYS", MOP_FILE_PATH, pfile);
++		snprintf(filename,sizeof(filename),
++			"%s/%s.SYS", MOP_FILE_PATH, pfile);
+ 		if ((mopCmpEAddr(dst,dl_mcst) == 0)) {
+ 			if ((nfd = open(filename, O_RDONLY, 0)) != -1) {
+ 				close(nfd);
+ 				mopSendASV(src, ii->eaddr, ii, trans);
+-				sprintf(line,
++				snprintf(line,sizeof(line),
+ 					"%x:%x:%x:%x:%x:%x (%d) Do you have %s? (Yes)",
+ 					src[0],src[1],src[2],
+ 					src[3],src[4],src[5],trans,pfile);
+ 			} else {
+-				sprintf(line,
++				snprintf(line,sizeof(line),
+ 					"%x:%x:%x:%x:%x:%x (%d) Do you have %s? (No)",
+ 					src[0],src[1],src[2],
+ 					src[3],src[4],src[5],trans,pfile);
+ 			}
+-			syslog(LOG_INFO, line);
++			syslog(LOG_INFO, "%s", line);
+ 		} else {
+ 			if ((mopCmpEAddr(dst,ii->eaddr) == 0)) {
+ 				dl_rpr->ldfd = open(filename, O_RDONLY, 0);
+ 				mopStartLoad(src, ii->eaddr, dl_rpr, trans);
+-				sprintf(line,
++				snprintf(line,sizeof(line),
+ 					"%x:%x:%x:%x:%x:%x Send me %s",
+ 					src[0],src[1],src[2],
+ 					src[3],src[4],src[5],pfile);
+-				syslog(LOG_INFO, line);
++				syslog(LOG_INFO, "%s", line);
+ 			}
+ 		}
+