cfengine/0003-Reduce-string-truncation-warnings.patch

From be9783fd1ba5f5150fef1c95349192271942a478 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Tue, 3 Jul 2018 09:18:08 +0200
Subject: [PATCH 3/3] Reduce string truncation warnings

---
 cf-agent/verify_databases.c       | 18 ++++++-------
 cf-agent/verify_exec.c            |  4 +--
 cf-agent/verify_packages.c        |  2 +-
 cf-execd/cf-execd-runner.c        |  4 +--
 cf-monitord/env_monitor.c         |  8 +++---
 cf-monitord/mon_network_sniffer.c |  6 ++---
 cf-runagent/cf-runagent.c         |  6 ++---
 cf-serverd/server_common.c        | 18 ++++++-------
 libcfnet/client_protocol.c        |  2 +-
 libenv/sysinfo.c                  | 45 ++++++++++++++++---------------
 libpromises/cf3globals.c          |  2 +-
 libpromises/cf3lex.l              |  6 ++---
 libpromises/cf3parse.y            |  2 +-
 libpromises/eval_context.c        |  4 +--
 libpromises/evalfunction.c        |  2 +-
 libpromises/expand.c              |  2 +-
 libpromises/keyring.c             |  4 +--
 libpromises/syslog_client.c       |  2 +-
 tests/unit/logging_test.c         |  2 +-
 tests/unit/set_domainname_test.c  |  2 +-
 20 files changed, 71 insertions(+), 70 deletions(-)

Index: cfengine-3.12.1/cf-agent/verify_databases.c
===================================================================
--- cfengine-3.12.1.orig/cf-agent/verify_databases.c
+++ cfengine-3.12.1/cf-agent/verify_databases.c
@@ -221,7 +221,7 @@ static PromiseResult VerifySQLPromise(Ev
     }
     else
     {
-        snprintf(query, CF_MAXVARSIZE - 1, "%s.%s", database, table);
+        snprintf(query, sizeof(query) - 1, "%s.%s", database, table);
 
         if (VerifyTablePromise(ctx, &cfdb, query, a.database.columns, a, pp, &result))
         {
@@ -300,7 +300,7 @@ static int VerifyDatabasePromise(CfdbCon
         if (((a.transaction.action) != cfa_warn) && (!DONTDO))
         {
             Log(LOG_LEVEL_VERBOSE, "Attempting to delete the database '%s'", database);
-            snprintf(query, CF_MAXVARSIZE - 1, "drop database %s", database);
+            snprintf(query, sizeof(query) - 1, "drop database %s", database);
             CfVoidQueryDB(cfdb, query);
             return cfdb->result;
         }
@@ -316,7 +316,7 @@ static int VerifyDatabasePromise(CfdbCon
         if (((a.transaction.action) != cfa_warn) && (!DONTDO))
         {
             Log(LOG_LEVEL_VERBOSE, "Attempting to create the database '%s'", database);
-            snprintf(query, CF_MAXVARSIZE - 1, "create database %s", database);
+            snprintf(query, sizeof(query) - 1, "create database %s", database);
             CfVoidQueryDB(cfdb, query);
             return cfdb->result;
         }
@@ -499,7 +499,7 @@ static int ValidateRegistryPromiser(char
 static int VerifyTablePromise(EvalContext *ctx, CfdbConn *cfdb, char *table_path, Rlist *columns, Attributes a,
                               const Promise *pp, PromiseResult *result)
 {
-    char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_MAXVARSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE];
+    char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_BUFSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE];
     int i, count, size, no_of_cols, *size_table, *done, identified, retval = true;
     char **name_table, **type_table;
 
@@ -670,12 +670,12 @@ static int VerifyTablePromise(EvalContex
                 {
                     if (size_table[i] > 0)
                     {
-                        snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i],
+                        snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i],
                                  type_table[i], size_table[i]);
                     }
                     else
                     {
-                        snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i],
+                        snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i],
                                  type_table[i]);
                     }
 
@@ -742,7 +742,7 @@ static int CreateTableColumns(CfdbConn *
 
     if (no_of_cols > 0)
     {
-        snprintf(query, CF_BUFSIZE - 1, "create table %s(", table);
+        snprintf(query, sizeof(query) - 1, "create table %s(", table);
 
         for (i = 0; i < no_of_cols; i++)
         {
@@ -781,7 +781,7 @@ static int CreateTableColumns(CfdbConn *
 static Rlist *GetSQLTables(CfdbConn *cfdb)
 {
     Rlist *list = NULL;
-    char query[CF_MAXVARSIZE];
+    char query[CF_BUFSIZE];
 
     ListTables(cfdb->type, query);
 
@@ -870,7 +870,7 @@ static int ValidateSQLTableName(char *ta
 
 static void QueryTableColumns(char *s, char *db, char *table)
 {
-    snprintf(s, CF_MAXVARSIZE - 1,
+    snprintf(s, CF_BUFSIZE - 1,
              "SELECT column_name,data_type,character_maximum_length FROM information_schema.columns WHERE table_name ='%s' AND table_schema = '%s'",
              table, db);
 }
Index: cfengine-3.12.1/cf-agent/verify_exec.c
===================================================================
--- cfengine-3.12.1.orig/cf-agent/verify_exec.c
+++ cfengine-3.12.1/cf-agent/verify_exec.c
@@ -203,7 +203,7 @@ static char *GetLockNameExec(Attributes
 static ActionResult RepairExec(EvalContext *ctx, Attributes a,
                                const Promise *pp, PromiseResult *result)
 {
-    char eventname[CF_BUFSIZE];
+    char eventname[CF_BUFSIZE * 2];
     char cmdline[CF_BUFSIZE];
     char comm[20];
     int outsourced, count = 0;
@@ -456,7 +456,7 @@ static ActionResult RepairExec(EvalConte
     umask(maskval);
 #endif
 
-    snprintf(eventname, CF_BUFSIZE - 1, "Exec(%s)", cmdline);
+    snprintf(eventname, CF_BUFSIZE*2 - 1, "Exec(%s)", cmdline);
 
 #ifndef __MINGW32__
     if ((a.transaction.background) && outsourced)
Index: cfengine-3.12.1/cf-agent/verify_packages.c
===================================================================
--- cfengine-3.12.1.orig/cf-agent/verify_packages.c
+++ cfengine-3.12.1/cf-agent/verify_packages.c
@@ -3176,7 +3176,7 @@ static void DeletePackageManagers(Packag
 
 const char *PrefixLocalRepository(const Rlist *repositories, const char *package)
 {
-    static char quotedPath[CF_MAXVARSIZE]; /* GLOBAL_R, no need to initialize */
+    static char quotedPath[CF_BUFSIZE * 2]; /* GLOBAL_R, no need to initialize */
     struct stat sb;
     char path[CF_BUFSIZE];
 
Index: cfengine-3.12.1/cf-execd/cf-execd-runner.c
===================================================================
--- cfengine-3.12.1.orig/cf-execd/cf-execd-runner.c
+++ cfengine-3.12.1/cf-execd/cf-execd-runner.c
@@ -195,7 +195,7 @@ void LocalExec(const ExecConfig *config)
     strlcpy(esc_command, MapName(cmd), CF_BUFSIZE);
 
 
-    char filename[CF_BUFSIZE];
+    char filename[CF_BUFSIZE * 3];
     {
         char line[CF_BUFSIZE];
         snprintf(line, CF_BUFSIZE, "_%jd_%s", (intmax_t) starttime, CanonifyName(ctime(&starttime)));
@@ -205,7 +205,7 @@ void LocalExec(const ExecConfig *config)
             strlcpy(canonified_fq_name, config->fq_name, CF_BUFSIZE);
             CanonifyNameInPlace(canonified_fq_name);
 
-            snprintf(filename, CF_BUFSIZE, "%s/outputs/cf_%s_%s_%p",
+            snprintf(filename, sizeof(filename), "%s/outputs/cf_%s_%s_%p",
                      GetWorkDir(), canonified_fq_name, line, thread_name);
 
             MapName(filename);
Index: cfengine-3.12.1/cf-monitord/env_monitor.c
===================================================================
--- cfengine-3.12.1.orig/cf-monitord/env_monitor.c
+++ cfengine-3.12.1/cf-monitord/env_monitor.c
@@ -943,7 +943,7 @@ static double SetClasses(EvalContext *ct
     {
         Log(LOG_LEVEL_DEBUG, "No sigma variation .. can't measure class");
 
-        snprintf(buffer, CF_MAXVARSIZE, "entropy_%s.*", name);
+        snprintf(buffer, sizeof(buffer), "entropy_%s.*", name);
         MonEntropyPurgeUnused(buffer);
 
         return sig;
@@ -1051,13 +1051,13 @@ static void SetVariable(char *name, doub
 {
     char var[CF_BUFSIZE];
 
-    snprintf(var, CF_MAXVARSIZE, "value_%s=%.2lf", name, value);
+    snprintf(var, sizeof(var), "value_%s=%.2lf", name, value);
     AppendItem(classlist, var, "");
 
-    snprintf(var, CF_MAXVARSIZE, "av_%s=%.2lf", name, average);
+    snprintf(var, sizeof(var), "av_%s=%.2lf", name, average);
     AppendItem(classlist, var, "");
 
-    snprintf(var, CF_MAXVARSIZE, "dev_%s=%.2lf", name, stddev);
+    snprintf(var, sizeof(var), "dev_%s=%.2lf", name, stddev);
     AppendItem(classlist, var, "");
 }
 
Index: cfengine-3.12.1/cf-monitord/mon_network_sniffer.c
===================================================================
--- cfengine-3.12.1.orig/cf-monitord/mon_network_sniffer.c
+++ cfengine-3.12.1/cf-monitord/mon_network_sniffer.c
@@ -210,7 +210,7 @@ static void IncrementCounter(Item **list
 
 static void AnalyzeArrival(Item *ip_addresses, long iteration, char *arrival, double *cf_this)
 {
-    char src[CF_BUFSIZE], dest[CF_BUFSIZE], flag = '.', *arr;
+    char src[CF_BUFSIZE], dest[CF_BUFSIZE * 2], flag = '.', *arr;
     int isme_dest, isme_src;
 
     src[0] = dest[0] = '\0';
@@ -387,11 +387,11 @@ static void AnalyzeArrival(Item *ip_addr
 
         if (strstr(arrival, ".138"))
         {
-            snprintf(dest, CF_BUFSIZE - 1, "%s NETBIOS", src);
+            snprintf(dest, sizeof(dest) - 1, "%s NETBIOS", src);
         }
         else if (strstr(arrival, ".2049"))
         {
-            snprintf(dest, CF_BUFSIZE - 1, "%s NFS", src);
+            snprintf(dest, sizeof(dest) - 1, "%s NFS", src);
         }
         else
         {
Index: cfengine-3.12.1/cf-runagent/cf-runagent.c
===================================================================
--- cfengine-3.12.1.orig/cf-runagent/cf-runagent.c
+++ cfengine-3.12.1/cf-runagent/cf-runagent.c
@@ -796,15 +796,15 @@ static void HailExec(AgentConnection *co
 static FILE *NewStream(char *name)
 {
     FILE *fp;
-    char filename[CF_BUFSIZE];
+    char filename[CF_BUFSIZE * 2];
 
     if (OUTPUT_DIRECTORY[0] != '\0')
     {
-        snprintf(filename, CF_BUFSIZE, "%s/%s_runagent.out", OUTPUT_DIRECTORY, name);
+        snprintf(filename, sizeof(filename), "%s/%s_runagent.out", OUTPUT_DIRECTORY, name);
     }
     else
     {
-        snprintf(filename, CF_BUFSIZE, "%s%coutputs%c%s_runagent.out",
+        snprintf(filename, sizeof(filename), "%s%coutputs%c%s_runagent.out",
                  GetWorkDir(), FILE_SEPARATOR, FILE_SEPARATOR, name);
     }
 
Index: cfengine-3.12.1/cf-serverd/server_common.c
===================================================================
--- cfengine-3.12.1.orig/cf-serverd/server_common.c
+++ cfengine-3.12.1/cf-serverd/server_common.c
@@ -370,8 +370,8 @@ static void AbortTransfer(ConnectionInfo
 {
     Log(LOG_LEVEL_VERBOSE, "Aborting transfer of file due to source changes");
 
-    char sendbuffer[CF_BUFSIZE];
-    snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s",
+    char sendbuffer[CF_BUFSIZE*2];
+    snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s",
              CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
 
     if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1)
@@ -385,9 +385,9 @@ static void FailedTransfer(ConnectionInf
 {
     Log(LOG_LEVEL_VERBOSE, "Transfer failure");
 
-    char sendbuffer[CF_BUFSIZE];
+    char sendbuffer[CF_BUFSIZE*2];
 
-    snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+    snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
 
     if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1)
     {
@@ -419,7 +419,7 @@ void CfGetFile(ServerFileGetState *args)
     {
         Log(LOG_LEVEL_INFO, "REFUSE access to file: %s", filename);
         RefuseAccess(args->conn, args->replyfile);
-        snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+        snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
         if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
         {
             SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size);
@@ -437,7 +437,7 @@ void CfGetFile(ServerFileGetState *args)
     {
         Log(LOG_LEVEL_ERR, "Open error of file '%s'. (open: %s)",
             filename, GetErrorStr());
-        snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+        snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
         if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
         {
             SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size);
@@ -458,7 +458,7 @@ void CfGetFile(ServerFileGetState *args)
 
         while (true)
         {
-            memset(sendbuffer, 0, CF_BUFSIZE);
+            memset(sendbuffer, 0, sizeof(sendbuffer));
 
             Log(LOG_LEVEL_DEBUG, "Now reading from disk...");
 
@@ -490,7 +490,7 @@ void CfGetFile(ServerFileGetState *args)
 
                 if (sb.st_size != savedlen)
                 {
-                    snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
+                    snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
 
                     if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
                     {
@@ -606,7 +606,7 @@ void CfEncryptGetFile(ServerFileGetState
 
         while (true)
         {
-            memset(sendbuffer, 0, CF_BUFSIZE);
+            memset(sendbuffer, 0, sizeof(sendbuffer));
 
             if ((n_read = read(fd, sendbuffer, blocksize)) == -1)
             {
Index: cfengine-3.12.1/libcfnet/client_protocol.c
===================================================================
--- cfengine-3.12.1.orig/libcfnet/client_protocol.c
+++ cfengine-3.12.1/libcfnet/client_protocol.c
@@ -63,7 +63,7 @@ void SetSkipIdentify(bool enabled)
 
 int IdentifyAgent(ConnectionInfo *conn_info)
 {
-    char uname[CF_BUFSIZE], sendbuff[CF_BUFSIZE];
+    char uname[CF_MAXVARSIZE], sendbuff[CF_BUFSIZE];
     char dnsname[CF_MAXVARSIZE], localip[CF_MAX_IP_LEN];
     int ret;
 
Index: cfengine-3.12.1/libenv/sysinfo.c
===================================================================
--- cfengine-3.12.1.orig/libenv/sysinfo.c
+++ cfengine-3.12.1/libenv/sysinfo.c
@@ -443,7 +443,7 @@ static void GetNameInfo3(EvalContext *ct
     };
     int have_component[COMPONENTS_SIZE];
     struct stat sb;
-    char name[CF_MAXVARSIZE], quoteName[CF_MAXVARSIZE], shortname[CF_MAXVARSIZE];
+    char name[CF_MAXVARSIZE], quoteName[CF_BUFSIZE], shortname[CF_MAXVARSIZE];
 
     if (uname(&VSYSNAME) == -1)
     {
@@ -2064,7 +2064,7 @@ static int Linux_Suse_Version(EvalContex
         strncpy(classbuf, vendor, CF_MAXVARSIZE);
         EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
         snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", major);
-        SetFlavour(ctx, classbuf);
+        SetFlavor(ctx, classbuf);
         if (minor != -1)
         {
             snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", minor);
@@ -2177,7 +2177,7 @@ static void LinuxDebianSanitizeIssue(cha
 
 static int Linux_Misc_Version(EvalContext *ctx)
 {
-    char flavor[CF_MAXVARSIZE];
+    char flavor[CF_BUFSIZE];
     char version[CF_MAXVARSIZE];
     char os[CF_MAXVARSIZE];
     char buffer[CF_BUFSIZE];
@@ -2218,7 +2218,7 @@ static int Linux_Misc_Version(EvalContex
 
     if (*os && *version)
     {
-        snprintf(flavor, CF_MAXVARSIZE, "%s_%s", os, version);
+        snprintf(flavor, CF_BUFSIZE, "%s_%s", os, version);
         SetFlavor(ctx, flavor);
         return 1;
     }
@@ -2233,7 +2233,7 @@ static int Linux_Debian_Version(EvalCont
     int major = -1;
     int release = -1;
     int result;
-    char classname[CF_MAXVARSIZE], buffer[CF_MAXVARSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE];
+    char classname[CF_BUFSIZE], buffer[CF_BUFSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE];
 
     Log(LOG_LEVEL_VERBOSE, "This appears to be a debian system.");
     EvalContextClassPutHard(ctx, "debian", "inventory,attribute_name=none,source=agent");
@@ -2253,15 +2253,15 @@ static int Linux_Debian_Version(EvalCont
     {
     case 2:
         Log(LOG_LEVEL_VERBOSE, "This appears to be a Debian %u.%u system.", major, release);
-        snprintf(classname, CF_MAXVARSIZE, "debian_%u_%u", major, release);
+        snprintf(classname, CF_BUFSIZE, "debian_%u_%u", major, release);
         EvalContextClassPutHard(ctx, classname, "inventory,attribute_name=none,source=agent");
-        snprintf(classname, CF_MAXVARSIZE, "debian_%u", major);
+        snprintf(classname, CF_BUFSIZE, "debian_%u", major);
         SetFlavor(ctx, classname);
         break;
 
     case 1:
         Log(LOG_LEVEL_VERBOSE, "This appears to be a Debian %u system.", major);
-        snprintf(classname, CF_MAXVARSIZE, "debian_%u", major);
+        snprintf(classname, CF_BUFSIZE, "debian_%u", major);
         SetFlavor(ctx, classname);
         break;
 
@@ -2270,7 +2270,7 @@ static int Linux_Debian_Version(EvalCont
         sscanf(buffer, "%25[^/]", version);
         if (strlen(version) > 0)
         {
-            snprintf(classname, CF_MAXVARSIZE, "debian_%s", version);
+            snprintf(classname, CF_BUFSIZE, "debian_%s", version);
             EvalContextClassPutHard(ctx, classname, "inventory,attribute_name=none,source=agent");
         }
         break;
@@ -2288,7 +2288,7 @@ static int Linux_Debian_Version(EvalCont
     {
         LinuxDebianSanitizeIssue(buffer);
         sscanf(buffer, "%*s %*s %[^./]", version);
-        snprintf(buffer, CF_MAXVARSIZE, "debian_%s", version);
+        snprintf(buffer, CF_BUFSIZE, "debian_%s", version);
         EvalContextClassPutHard(ctx, "debian", "inventory,attribute_name=none,source=agent");
         SetFlavor(ctx, buffer);
     }
@@ -2296,12 +2296,12 @@ static int Linux_Debian_Version(EvalCont
     {
         LinuxDebianSanitizeIssue(buffer);
         sscanf(buffer, "%*s %[^.].%d", version, &release);
-        snprintf(buffer, CF_MAXVARSIZE, "ubuntu_%s", version);
+        snprintf(buffer, CF_BUFSIZE, "ubuntu_%s", version);
         SetFlavor(ctx, buffer);
         EvalContextClassPutHard(ctx, "ubuntu", "inventory,attribute_name=none,source=agent");
         if (release >= 0)
         {
-            snprintf(buffer, CF_MAXVARSIZE, "ubuntu_%s_%d", version, release);
+            snprintf(buffer, CF_BUFSIZE, "ubuntu_%s_%d", version, release);
             EvalContextClassPutHard(ctx, buffer, "inventory,attribute_name=none,source=agent");
         }
     }
@@ -2515,13 +2515,13 @@ static int EOS_Version(EvalContext *ctx)
     {
         if (strstr(buffer, "EOS"))
         {
-            char version[CF_MAXVARSIZE], class[CF_MAXVARSIZE];
+            char version[CF_MAXVARSIZE], class[CF_BUFSIZE];
             EvalContextClassPutHard(ctx, "eos", "inventory,attribute_name=none,source=agent");
             EvalContextClassPutHard(ctx, "arista", "source=agent");
             version[0] = '\0';
             sscanf(buffer, "%*s %*s %*s %s", version);
             CanonifyNameInPlace(version);
-            snprintf(class, CF_MAXVARSIZE, "eos_%s", version);
+            snprintf(class, CF_BUFSIZE, "eos_%s", version);
             EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
         }
     }
@@ -2541,14 +2541,14 @@ static int MiscOS(EvalContext *ctx)
     {
        if (strstr(buffer, "BIG-IP"))
        {
-           char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_MAXVARSIZE];
+           char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_BUFSIZE];
            EvalContextClassPutHard(ctx, "big_ip", "inventory,attribute_name=none,source=agent");
            sscanf(buffer, "%*s %s %*s %s", version, build);
            CanonifyNameInPlace(version);
            CanonifyNameInPlace(build);
-           snprintf(class, CF_MAXVARSIZE, "big_ip_%s", version);
+           snprintf(class, CF_BUFSIZE, "big_ip_%s", version);
            EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
-           snprintf(class, CF_MAXVARSIZE, "big_ip_%s_%s", version, build);
+           snprintf(class, CF_BUFSIZE, "big_ip_%s_%s", version, build);
            EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
            SetFlavor(ctx, "BIG-IP");
        }
@@ -2561,7 +2561,8 @@ static int MiscOS(EvalContext *ctx)
 
 static int VM_Version(EvalContext *ctx)
 {
-    char *sp, buffer[CF_BUFSIZE], classbuf[CF_BUFSIZE], version[CF_BUFSIZE];
+#define CF_CLASSBUFSIZE 2*CF_BUFSIZE
+    char *sp, buffer[CF_BUFSIZE], classbuf[CF_CLASSBUFSIZE], version[CF_BUFSIZE];
     int major, minor, bug;
     int sufficient = 0;
 
@@ -2573,17 +2574,17 @@ static int VM_Version(EvalContext *ctx)
     {
         if (sscanf(buffer, "VMware ESX Server %d.%d.%d", &major, &minor, &bug) > 0)
         {
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d", major);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d", major);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d", major, minor);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d", major, minor);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
             sufficient = 1;
         }
         else if (sscanf(buffer, "VMware ESX Server %s", version) > 0)
         {
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %s", version);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %s", version);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
             sufficient = 1;
         }
Index: cfengine-3.12.1/libpromises/cf3globals.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/cf3globals.c
+++ cfengine-3.12.1/libpromises/cf3globals.c
@@ -55,7 +55,7 @@ long LASTSEENEXPIREAFTER = SECONDS_PER_W
 bool DONTDO = false; /* GLOBAL_A */
 
 /* NB! Check use before changing sizes */
-char VFQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */
+char VFQNAME[CF_BUFSIZE] = ""; /* GLOBAL_E GLOBAL_P */
 char VUQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E */
 char VDOMAIN[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */
 
Index: cfengine-3.12.1/libpromises/cf3lex.l
===================================================================
--- cfengine-3.12.1.orig/libpromises/cf3lex.l
+++ cfengine-3.12.1/libpromises/cf3lex.l
@@ -334,7 +334,7 @@ promise_type   [a-zA-Z_]+:
                           {
                               yyerror("identifier too long");
                           }
-                          strncpy(P.currentid, yytext, CF_MAXVARSIZE);
+                          strncpy(P.currentid, yytext, CF_MAXVARSIZE-1);
                           return IDSYNTAX;
                       }
 
@@ -347,7 +347,7 @@ promise_type   [a-zA-Z_]+:
                           {
                               yyerror("qualified identifier too long");
                           }
-                          strncpy(P.currentid, yytext, CF_MAXVARSIZE);
+                          strncpy(P.currentid, yytext, CF_MAXVARSIZE-1);
                           return IDSYNTAX;
                       }
 
@@ -441,7 +441,7 @@ promise_type   [a-zA-Z_]+:
 
                           tmp = xstrdup(yytext);
                           tmp[yyleng - 1] = '\0';
-                          strncpy(P.currenttype, tmp, CF_MAXVARSIZE);
+                          strncpy(P.currenttype, tmp, CF_MAXVARSIZE-1);
 
                           if (P.currentclasses != NULL)
                           {
Index: cfengine-3.12.1/libpromises/cf3parse.y
===================================================================
--- cfengine-3.12.1.orig/libpromises/cf3parse.y
+++ cfengine-3.12.1/libpromises/cf3parse.y
@@ -1134,7 +1134,7 @@ functionid:            IDSYNTAX
                      | NAKEDVAR
                        {
                            ParserDebug("\tP:%s:%s:%s:%s function nakedvar = %s\n", P.block, P.blocktype, P.blockid, P.currentclasses ? P.currentclasses : "any", P.currentstring);
-                           strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE); // Make a var look like an ID
+                           strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE-1); // Make a var look like an ID
                            free(P.currentstring);
                            P.currentstring = NULL;
                        }
Index: cfengine-3.12.1/libpromises/eval_context.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/eval_context.c
+++ cfengine-3.12.1/libpromises/eval_context.c
@@ -1569,7 +1569,7 @@ Class *EvalContextClassMatch(const EvalC
 static bool EvalContextClassPut(EvalContext *ctx, const char *ns, const char *name, bool is_soft, ContextScope scope, const char *tags)
 {
     {
-        char context_copy[CF_MAXVARSIZE];
+        char context_copy[CF_BUFSIZE];
         char canonified_context[CF_MAXVARSIZE];
 
 
@@ -1592,7 +1592,7 @@ static bool EvalContextClassPut(EvalCont
 
         if (ns && strcmp(ns, "default") != 0)
         {
-            snprintf(context_copy, CF_MAXVARSIZE, "%s:%s", ns, canonified_context);
+            snprintf(context_copy, CF_BUFSIZE, "%s:%s", ns, canonified_context);
         }
         else
         {
Index: cfengine-3.12.1/libpromises/evalfunction.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/evalfunction.c
+++ cfengine-3.12.1/libpromises/evalfunction.c
@@ -496,7 +496,7 @@ static Rlist *GetHostsFromLastseenDB(Ite
     Item *ip;
     time_t now = time(NULL);
     double entrytime;
-    char address[CF_MAXVARSIZE];
+    char address[CF_BUFSIZE];
 
     for (ip = addresses; ip != NULL; ip = ip->next)
     {
Index: cfengine-3.12.1/libpromises/expand.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/expand.c
+++ cfengine-3.12.1/libpromises/expand.c
@@ -870,7 +870,7 @@ static void ResolveControlBody(EvalConte
 
             EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "domain");
             EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost");
-            snprintf(VFQNAME, CF_MAXVARSIZE, "%s.%s", VUQNAME, VDOMAIN);
+            snprintf(VFQNAME, CF_BUFSIZE, "%s.%s", VUQNAME, VDOMAIN);
             EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost",
                                           VFQNAME, CF_DATA_TYPE_STRING,
                                           "inventory,source=agent,attribute_name=Host name");
Index: cfengine-3.12.1/libpromises/keyring.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/keyring.c
+++ cfengine-3.12.1/libpromises/keyring.c
@@ -83,9 +83,9 @@ int RemovePublicKey(const char *id)
 
         if (c && c[strlen(suffix)] == '\0')     /* dirp->d_name ends with suffix */
         {
-            char keyfilename[CF_BUFSIZE];
+            char keyfilename[CF_BUFSIZE * 2];
 
-            snprintf(keyfilename, CF_BUFSIZE, "%s/%s", keysdir, dirp->d_name);
+            snprintf(keyfilename, CF_BUFSIZE * 2, "%s/%s", keysdir, dirp->d_name);
             MapName(keyfilename);
 
             if (unlink(keyfilename) < 0)
Index: cfengine-3.12.1/libpromises/syslog_client.c
===================================================================
--- cfengine-3.12.1.orig/libpromises/syslog_client.c
+++ cfengine-3.12.1/libpromises/syslog_client.c
@@ -112,6 +112,7 @@ void RemoteSysLog(int log_priority, cons
             char timebuffer[26];
             pid_t pid = getpid();
 
+            // rfc3164_len is WAY too small
             snprintf(
                 message,
                 sizeof(message),
Index: cfengine-3.12.1/tests/unit/logging_test.c
===================================================================
--- cfengine-3.12.1.orig/tests/unit/logging_test.c
+++ cfengine-3.12.1/tests/unit/logging_test.c
@@ -6,7 +6,7 @@
 #include <syslog_client.h>
 #include <string_lib.h>
 
-char VFQNAME[CF_MAXVARSIZE];
+char VFQNAME[CF_BUFSIZE];
 char VPREFIX[CF_MAXVARSIZE];
 
 static struct sockaddr *got_address;
Index: cfengine-3.12.1/tests/unit/set_domainname_test.c
===================================================================
--- cfengine-3.12.1.orig/tests/unit/set_domainname_test.c
+++ cfengine-3.12.1/tests/unit/set_domainname_test.c
@@ -9,7 +9,7 @@
 
 /* Global variables we care about */
 
-char VFQNAME[CF_MAXVARSIZE];
+char VFQNAME[CF_BUFSIZE];
 char VUQNAME[CF_MAXVARSIZE];
 char VDOMAIN[CF_MAXVARSIZE];