$NetBSD: patch-aq,v 1.3 2005/10/03 15:17:14 joerg Exp $

--- httpget.c.orig	2005-10-03 17:03:06.000000000 +0200
+++ httpget.c	2005-10-03 17:03:06.000000000 +0200
@@ -18,11 +18,9 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
-#include <sys/errno.h>
+#include <errno.h>
 #include <ctype.h>
 
-extern int errno;
-
 #include "mpg123.h"
 
 #ifndef INADDR_NONE
@@ -55,11 +53,10 @@
 #endif
 	int pos = 0;
 
-	while(1) {
+	while(pos < (maxlen - 1)) {
 		if( read(fileno(f),string+pos,1) == 1) {
 			pos++;
 			if(string[pos-1] == '\n') {
-				string[pos] = 0;
 				break;
 			}
 		}
@@ -78,6 +75,7 @@
 	}
 #endif
 
+	string[pos] = '\0';
 }
 
 void encode64 (char *source,char *destination)
@@ -111,7 +109,7 @@
 }
 
 /* VERY  simple auth-from-URL grabber */
-int getauthfromURL(char *url,char *auth)
+int getauthfromURL(char *url,char *auth,unsigned long authlen)
 {
   char *pos;
 
@@ -126,9 +124,13 @@
       if( url[i] == '/' )
          return 0;
     }
+    if (pos-url >= authlen) {
+      fprintf (stderr, "Error: authentication data exceeds max. length.\n");
+      return -1;
+    }
     strncpy(auth,url,pos-url);
     auth[pos-url] = 0;
-    strcpy(url,pos+1);
+    memmove(url,pos+1,strlen(pos+1)+1);
     return 1;
   }
   return 0;
@@ -199,7 +201,7 @@
 	strncpy(p0, portptr, stringlength);
 	*(p0 + stringlength) = '\0';
 
-	for (p = p0; *p && isdigit(*p); p++)
+	for (p = p0; *p && isdigit((unsigned char)*p); p++)
 		;
 	*p = '\0';
 	*port = (char *)p0;
@@ -265,7 +267,10 @@
 	strncpy (purl, url, 1023);
 	purl[1023] = '\0';
 
-        getauthfromURL(purl,httpauth1);
+        if (getauthfromURL(purl,httpauth1,sizeof(httpauth1)) < 0) {
+		sock = -1;
+		goto exit;
+	}
 
 	do {
 		strcpy (request, "GET ");
@@ -399,6 +404,7 @@
 		fprintf (stderr, "Too many HTTP relocations.\n");
 		exit (1);
 	}
+exit:
 	free (purl);
 	free (request);
 	free(host);
