$OpenBSD: patch-protocols_yahoo_yahoo_c,v 1.4 2007/11/19 11:44:33 martynas Exp $
--- protocols/yahoo/yahoo.c.orig	Mon Aug 20 16:27:16 2007
+++ protocols/yahoo/yahoo.c	Mon Nov 19 13:39:01 2007
@@ -382,8 +382,11 @@ static int byahoo_chat_open( struct gaim_connection *g
 	char *roomname;
 	YList *members;
 	
-	roomname = g_new0( char, strlen( gc->username ) + 16 );
-	g_snprintf( roomname, strlen( gc->username ) + 16, "%s-Bee-%d", gc->username, byahoo_chat_id );
+	{
+		size_t len = strlen( gc->username ) + 16;
+		roomname = g_new0( char, len);
+		g_snprintf( roomname, len, "%s-Bee-%d", gc->username, byahoo_chat_id );
+	}
 	
 	c = serv_got_joined_chat( gc, ++byahoo_chat_id, roomname );
 	add_chat_buddy( c, gc->username );
@@ -561,13 +564,17 @@ void ext_yahoo_login_response( int id, int succ, char 
 		
 		if( url && *url )
 		{
-			s = g_malloc( strlen( "Error %d (%s). See %s for more information." ) + strlen( url ) + strlen( errstr ) + 16 );
-			sprintf( s, "Error %d (%s). See %s for more information.", succ, errstr, url );
+			const char format[] = "Error %d (%s). See %s for more information.";
+			size_t s_len = strlen(format) + strlen( url ) + strlen( errstr ) + 16;
+			s = g_malloc( s_len);
+			snprintf( s, s_len, format, succ, errstr, url );
 		}
 		else
 		{
-			s = g_malloc( strlen( "Error %d (%s)" ) + strlen( errstr ) + 16 );
-			sprintf( s, "Error %d (%s)", succ, errstr );
+			const char format[] = "Error %d (%s)";
+			size_t s_len = strlen(format) + strlen( errstr ) + 16;
+			s = g_malloc(s_len);
+			snprintf( s, s_len, format, succ, errstr );
 		}
 		
 		if( yd->logged_in )
@@ -777,7 +784,7 @@ int ext_yahoo_connect(char *host, int port)
 		if(!(server = gethostbyname(host))) {
 			return -1;
 		}
-		strncpy(last_host, host, 255);
+		strlcpy(last_host, host, sizeof(last_host));
 	}
 
 	if((servfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
@@ -788,6 +795,7 @@ int ext_yahoo_connect(char *host, int port)
 	{
 		memset(&serv_addr, 0, sizeof(serv_addr));
 		serv_addr.sin_family = AF_INET;
+		assert(server->h_length <= sizeof(serv_addr.sin_addr.s_addr));
 		memcpy(&serv_addr.sin_addr.s_addr, *p, server->h_length);
 		serv_addr.sin_port = htons(port);
 
@@ -840,7 +848,7 @@ void ext_yahoo_got_conf_invite( int id, char *who, cha
 		if( g_strcasecmp( m->data, gc->username ) != 0 )
 			add_chat_buddy( inv->c, m->data );
 	
-	g_snprintf( txt, 1024, "Got an invitation to chatroom %s from %s: %s", room, who, msg );
+	g_snprintf( txt, sizeof(txt), "Got an invitation to chatroom %s from %s: %s", room, who, msg );
 	
 	do_ask_dialog( gc, txt, inv, byahoo_accept_conf, byahoo_reject_conf );
 }
