$NetBSD: patch-ad,v 1.3 2007/04/18 17:06:16 ghen Exp $

--- server.c.orig	2006-05-01 22:43:10.000000000 +0200
+++ server.c
@@ -210,7 +210,7 @@ if(SQLConnect(cnf->sqlhost,cnf->sqluser,
 	return(-1);
 	}
 
-GetPeerIp(s,ip,buff);
+GetPeerIp(s,ip,BLEN,buff,BLEN);
 
 //
 // We check if this IP is authorized to connect to us
@@ -265,21 +265,34 @@ while(1==1)
 	// Now, we are sure our buffer string length is no more than BLEN
 	// as all parameters are defined also as buffers with a BLEN size
 	// no buffer overflow is possible using strcpy .
+	// But what's the point. Protect it anyway.
 	//
 
 	if(strcmp(buff,"")==0) break;
 
 	if(strncmp(buff,"request=",8)==0)
-		strcpy(request,buff+8);
+		{
+		strncpy(request,buff+8, sizeof(request)-1);
+		request[sizeof(request)-1] = '\0';
+		}
 
 	if(strncmp(buff,"sender=",7)==0)
-		strcpy(sender,buff+7);
+		{
+		strncpy(sender,buff+7, sizeof(sender)-1);
+		sender[sizeof(sender)-1] = '\0';
+		}
 
 	if(strncmp(buff,"recipient=",10)==0)
-		strcpy(recipient,buff+10);
+		{
+		strncpy(recipient,buff+10, sizeof(recipient)-1);
+		recipient[sizeof(recipient)-1] = '\0';
+		}
 
 	if(strncmp(buff,"client_address=",15)==0)
-		strcpy(ip,buff+15);
+		{
+		strncpy(ip,buff+15,sizeof(ip)-1);
+		ip[sizeof(ip)-1] = '\0';
+		}
 
 	}
 
@@ -304,7 +317,11 @@ Quote(sender);
 // Now, we can safely use, str** functions
 //
 
-if(sender[0]==0) strcpy(sender,"void@void");
+if(sender[0]==0)
+	{
+	strncpy(sender,"void@void",sizeof(sender)-1);
+	sender[sizeof(sender)-1] = '\0';
+	}
 
 if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0)
 	{