cfengine/0002-Reduce-string-truncation-warnings.patch

From 5c454a3ac32943ddd867cd0955bead955f38fd6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Tue, 3 Jul 2018 09:18:08 +0200
Subject: [PATCH 2/3] Reduce string truncation warnings

---
 cf-agent/verify_databases.c       | 18 +++++++-------
 cf-agent/verify_exec.c            |  4 ++--
 cf-agent/verify_packages.c        |  2 +-
 cf-execd/cf-execd-runner.c        |  4 ++--
 cf-monitord/env_monitor.c         |  8 +++----
 cf-monitord/mon_network_sniffer.c |  6 ++---
 cf-runagent/cf-runagent.c         |  6 ++---
 cf-serverd/server_common.c        | 18 +++++++-------
 libcfnet/client_protocol.c        |  2 +-
 libenv/sysinfo.c                  | 40 +++++++++++++++----------------
 libpromises/cf3globals.c          |  2 +-
 libpromises/cf3lex.l              |  6 ++---
 libpromises/cf3parse.y            |  2 +-
 libpromises/eval_context.c        |  4 ++--
 libpromises/evalfunction.c        |  2 +-
 libpromises/expand.c              |  2 +-
 libpromises/keyring.c             |  4 ++--
 tests/unit/logging_test.c         |  2 +-
 tests/unit/set_domainname_test.c  |  2 +-
 19 files changed, 66 insertions(+), 68 deletions(-)

diff --git a/cf-agent/verify_databases.c b/cf-agent/verify_databases.c
index be8ed98bbc15..c55da6a890d5 100644
--- a/cf-agent/verify_databases.c
+++ b/cf-agent/verify_databases.c
@@ -221,7 +221,7 @@ static PromiseResult VerifySQLPromise(EvalContext *ctx, const Attributes *a, con
     }
     else
     {
-        snprintf(query, CF_MAXVARSIZE - 1, "%s.%s", database, table);
+        snprintf(query, sizeof(query) - 1, "%s.%s", database, table);
 
         if (VerifyTablePromise(ctx, &cfdb, query, a->database.columns, a, pp, &result))
         {
@@ -301,7 +301,7 @@ static int VerifyDatabasePromise(CfdbConn *cfdb, char *database, const Attribute
         if (((a->transaction.action) != cfa_warn) && (!DONTDO))
         {
             Log(LOG_LEVEL_VERBOSE, "Attempting to delete the database '%s'", database);
-            snprintf(query, CF_MAXVARSIZE - 1, "drop database %s", database);
+            snprintf(query, sizeof(query) - 1, "drop database %s", database);
             CfVoidQueryDB(cfdb, query);
             return cfdb->result;
         }
@@ -317,7 +317,7 @@ static int VerifyDatabasePromise(CfdbConn *cfdb, char *database, const Attribute
         if (((a->transaction.action) != cfa_warn) && (!DONTDO))
         {
             Log(LOG_LEVEL_VERBOSE, "Attempting to create the database '%s'", database);
-            snprintf(query, CF_MAXVARSIZE - 1, "create database %s", database);
+            snprintf(query, sizeof(query) - 1, "create database %s", database);
             CfVoidQueryDB(cfdb, query);
             return cfdb->result;
         }
@@ -506,7 +506,7 @@ static bool VerifyTablePromise(EvalContext *ctx, CfdbConn *cfdb, char *table_pat
                               const Promise *pp, PromiseResult *result)
 {
     assert(a != NULL);
-    char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_MAXVARSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE];
+    char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_BUFSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE];
     int i, count, size, no_of_cols, *size_table, *done, identified;
     bool retval = true;
     char **name_table, **type_table;
@@ -678,12 +678,12 @@ static bool VerifyTablePromise(EvalContext *ctx, CfdbConn *cfdb, char *table_pat
                 {
                     if (size_table[i] > 0)
                     {
-                        snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i],
+                        snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i],
                                  type_table[i], size_table[i]);
                     }
                     else
                     {
-                        snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i],
+                        snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i],
                                  type_table[i]);
                     }
 
@@ -750,7 +750,7 @@ static bool CreateTableColumns(CfdbConn *cfdb, char *table, Rlist *columns)
 
     if (no_of_cols > 0)
     {
-        snprintf(query, CF_BUFSIZE - 1, "create table %s(", table);
+        snprintf(query, sizeof(query) - 1, "create table %s(", table);
 
         for (i = 0; i < no_of_cols; i++)
         {
@@ -789,7 +789,7 @@ static bool CreateTableColumns(CfdbConn *cfdb, char *table, Rlist *columns)
 static Rlist *GetSQLTables(CfdbConn *cfdb)
 {
     Rlist *list = NULL;
-    char query[CF_MAXVARSIZE];
+    char query[CF_BUFSIZE];
 
     ListTables(cfdb->type, query);
 
@@ -878,7 +878,7 @@ static bool ValidateSQLTableName(char *table_path, char *db, char *table)
 
 static void QueryTableColumns(char *s, char *db, char *table)
 {
-    snprintf(s, CF_MAXVARSIZE - 1,
+    snprintf(s, CF_BUFSIZE - 1,
              "SELECT column_name,data_type,character_maximum_length FROM information_schema->columns WHERE table_name ='%s' AND table_schema = '%s'",
              table, db);
 }
diff --git a/cf-agent/verify_exec.c b/cf-agent/verify_exec.c
index fae286563eb3..941645aee991 100644
--- a/cf-agent/verify_exec.c
+++ b/cf-agent/verify_exec.c
@@ -207,7 +207,7 @@ static char *GetLockNameExec(const Attributes *a, const Promise *pp)
 static ActionResult RepairExec(EvalContext *ctx, const Attributes *a,
                                const Promise *pp, PromiseResult *result)
 {
-    char eventname[CF_BUFSIZE];
+    char eventname[CF_BUFSIZE * 2];
     char cmdline[CF_BUFSIZE];
     char comm[20];
     int outsourced, count = 0;
@@ -460,7 +460,7 @@ static ActionResult RepairExec(EvalContext *ctx, const Attributes *a,
     umask(maskval);
 #endif
 
-    snprintf(eventname, CF_BUFSIZE - 1, "Exec(%s)", cmdline);
+    snprintf(eventname, CF_BUFSIZE*2 - 1, "Exec(%s)", cmdline);
 
 #ifndef __MINGW32__
     if ((a->transaction.background) && outsourced)
diff --git a/cf-agent/verify_packages.c b/cf-agent/verify_packages.c
index c3ffded995f0..e291858a71e9 100644
--- a/cf-agent/verify_packages.c
+++ b/cf-agent/verify_packages.c
@@ -3233,7 +3233,7 @@ static void DeletePackageManagers(PackageManager *np)
 
 const char *PrefixLocalRepository(const Rlist *repositories, const char *package)
 {
-    static char quotedPath[CF_MAXVARSIZE]; /* GLOBAL_R, no need to initialize */
+    static char quotedPath[CF_BUFSIZE * 2]; /* GLOBAL_R, no need to initialize */
     struct stat sb;
     char path[CF_BUFSIZE];
 
diff --git a/cf-execd/cf-execd-runner.c b/cf-execd/cf-execd-runner.c
index 1e743b4d09da..dfde122ba84c 100644
--- a/cf-execd/cf-execd-runner.c
+++ b/cf-execd/cf-execd-runner.c
@@ -195,7 +195,7 @@ void LocalExec(const ExecConfig *config)
     strlcpy(esc_command, MapName(cmd), CF_BUFSIZE);
 
 
-    char filename[CF_BUFSIZE];
+    char filename[CF_BUFSIZE * 3];
     {
         char line[CF_BUFSIZE];
         snprintf(line, CF_BUFSIZE, "_%jd_%s", (intmax_t) starttime, CanonifyName(ctime(&starttime)));
@@ -205,7 +205,7 @@ void LocalExec(const ExecConfig *config)
             strlcpy(canonified_fq_name, config->fq_name, CF_BUFSIZE);
             CanonifyNameInPlace(canonified_fq_name);
 
-            snprintf(filename, CF_BUFSIZE, "%s/outputs/cf_%s_%s_%p",
+            snprintf(filename, sizeof(filename), "%s/outputs/cf_%s_%s_%p",
                      GetWorkDir(), canonified_fq_name, line, thread_name);
 
             MapName(filename);
diff --git a/cf-monitord/env_monitor.c b/cf-monitord/env_monitor.c
index 472e4c2c3d3e..866aa18dacec 100644
--- a/cf-monitord/env_monitor.c
+++ b/cf-monitord/env_monitor.c
@@ -938,7 +938,7 @@ static double SetClasses(EvalContext *ctx, char *name, double variable, double a
     {
         Log(LOG_LEVEL_DEBUG, "No sigma variation .. can't measure class");
 
-        snprintf(buffer, CF_MAXVARSIZE, "entropy_%s.*", name);
+        snprintf(buffer, sizeof(buffer), "entropy_%s.*", name);
         MonEntropyPurgeUnused(buffer);
 
         return sig;
@@ -1046,13 +1046,13 @@ static void SetVariable(char *name, double value, double average, double stddev,
 {
     char var[CF_BUFSIZE];
 
-    snprintf(var, CF_MAXVARSIZE, "value_%s=%.2lf", name, value);
+    snprintf(var, sizeof(var), "value_%s=%.2lf", name, value);
     AppendItem(classlist, var, "");
 
-    snprintf(var, CF_MAXVARSIZE, "av_%s=%.2lf", name, average);
+    snprintf(var, sizeof(var), "av_%s=%.2lf", name, average);
     AppendItem(classlist, var, "");
 
-    snprintf(var, CF_MAXVARSIZE, "dev_%s=%.2lf", name, stddev);
+    snprintf(var, sizeof(var), "dev_%s=%.2lf", name, stddev);
     AppendItem(classlist, var, "");
 }
 
diff --git a/cf-monitord/mon_network_sniffer.c b/cf-monitord/mon_network_sniffer.c
index 4ec8f3c79124..7466d94fcb70 100644
--- a/cf-monitord/mon_network_sniffer.c
+++ b/cf-monitord/mon_network_sniffer.c
@@ -210,7 +210,7 @@ static void IncrementCounter(Item **list, char *name)
 
 static void AnalyzeArrival(Item *ip_addresses, long iteration, char *arrival, double *cf_this)
 {
-    char src[CF_BUFSIZE], dest[CF_BUFSIZE], flag = '.', *arr;
+    char src[CF_BUFSIZE], dest[CF_BUFSIZE * 2], flag = '.', *arr;
     int isme_dest, isme_src;
 
     src[0] = dest[0] = '\0';
@@ -399,11 +399,11 @@ static void AnalyzeArrival(Item *ip_addresses, long iteration, char *arrival, do
 
         if (strstr(arrival, ".138"))
         {
-            snprintf(dest, CF_BUFSIZE - 1, "%s NETBIOS", src);
+            snprintf(dest, sizeof(dest) - 1, "%s NETBIOS", src);
         }
         else if (strstr(arrival, ".2049"))
         {
-            snprintf(dest, CF_BUFSIZE - 1, "%s NFS", src);
+            snprintf(dest, sizeof(dest) - 1, "%s NFS", src);
         }
         else
         {
diff --git a/cf-runagent/cf-runagent.c b/cf-runagent/cf-runagent.c
index 6c546acd55e2..5e9b74d5d3e9 100644
--- a/cf-runagent/cf-runagent.c
+++ b/cf-runagent/cf-runagent.c
@@ -796,15 +796,15 @@ static void HailExec(AgentConnection *conn, char *peer)
 static FILE *NewStream(char *name)
 {
     FILE *fp;
-    char filename[CF_BUFSIZE];
+    char filename[CF_BUFSIZE * 2];
 
     if (OUTPUT_DIRECTORY[0] != '\0')
     {
-        snprintf(filename, CF_BUFSIZE, "%s/%s_runagent.out", OUTPUT_DIRECTORY, name);
+        snprintf(filename, sizeof(filename), "%s/%s_runagent.out", OUTPUT_DIRECTORY, name);
     }
     else
     {
-        snprintf(filename, CF_BUFSIZE, "%s%coutputs%c%s_runagent.out",
+        snprintf(filename, sizeof(filename), "%s%coutputs%c%s_runagent.out",
                  GetWorkDir(), FILE_SEPARATOR, FILE_SEPARATOR, name);
     }
 
diff --git a/cf-serverd/server_common.c b/cf-serverd/server_common.c
index 77ac6c4dfd43..31d71ab4a742 100644
--- a/cf-serverd/server_common.c
+++ b/cf-serverd/server_common.c
@@ -372,8 +372,8 @@ static void AbortTransfer(ConnectionInfo *connection, char *filename)
 {
     Log(LOG_LEVEL_VERBOSE, "Aborting transfer of file due to source changes");
 
-    char sendbuffer[CF_BUFSIZE];
-    snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s",
+    char sendbuffer[CF_BUFSIZE*2];
+    snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s",
              CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
 
     if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1)
@@ -387,9 +387,9 @@ static void FailedTransfer(ConnectionInfo *connection)
 {
     Log(LOG_LEVEL_VERBOSE, "Transfer failure");
 
-    char sendbuffer[CF_BUFSIZE];
+    char sendbuffer[CF_BUFSIZE*2];
 
-    snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+    snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
 
     if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1)
     {
@@ -421,7 +421,7 @@ void CfGetFile(ServerFileGetState *args)
     {
         Log(LOG_LEVEL_INFO, "REFUSE access to file: %s", filename);
         RefuseAccess(args->conn, args->replyfile);
-        snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+        snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
         if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
         {
             SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size);
@@ -439,7 +439,7 @@ void CfGetFile(ServerFileGetState *args)
     {
         Log(LOG_LEVEL_ERR, "Open error of file '%s'. (open: %s)",
             filename, GetErrorStr());
-        snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR);
+        snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR);
         if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
         {
             SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size);
@@ -460,7 +460,7 @@ void CfGetFile(ServerFileGetState *args)
 
         while (true)
         {
-            memset(sendbuffer, 0, CF_BUFSIZE);
+            memset(sendbuffer, 0, sizeof(sendbuffer));
 
             Log(LOG_LEVEL_DEBUG, "Now reading from disk...");
 
@@ -492,7 +492,7 @@ void CfGetFile(ServerFileGetState *args)
 
                 if (sb.st_size != savedlen)
                 {
-                    snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
+                    snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename);
 
                     if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC)
                     {
@@ -608,7 +608,7 @@ void CfEncryptGetFile(ServerFileGetState *args)
 
         while (true)
         {
-            memset(sendbuffer, 0, CF_BUFSIZE);
+            memset(sendbuffer, 0, sizeof(sendbuffer));
 
             if ((n_read = read(fd, sendbuffer, blocksize)) == -1)
             {
diff --git a/libcfnet/client_protocol.c b/libcfnet/client_protocol.c
index 2f4668882f6a..54cfda95e4d3 100644
--- a/libcfnet/client_protocol.c
+++ b/libcfnet/client_protocol.c
@@ -63,7 +63,7 @@ void SetSkipIdentify(bool enabled)
 
 bool IdentifyAgent(ConnectionInfo *conn_info)
 {
-    char uname[CF_BUFSIZE], sendbuff[CF_BUFSIZE];
+    char uname[CF_MAXVARSIZE], sendbuff[CF_BUFSIZE];
     char dnsname[CF_MAXVARSIZE], localip[CF_MAX_IP_LEN];
     int ret;
 
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
index a6b1618c6a70..20c92996eed7 100644
--- a/libenv/sysinfo.c
+++ b/libenv/sysinfo.c
@@ -444,7 +444,7 @@ static void GetNameInfo3(EvalContext *ctx)
     };
     int have_component[COMPONENTS_SIZE];
     struct stat sb;
-    char name[CF_MAXVARSIZE], quoteName[CF_MAXVARSIZE], shortname[CF_MAXVARSIZE];
+    char name[CF_MAXVARSIZE], quoteName[CF_BUFSIZE], shortname[CF_MAXVARSIZE];
 
     if (uname(&VSYSNAME) == -1)
     {
@@ -2073,7 +2073,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
         strncpy(classbuf, vendor, CF_MAXVARSIZE);
         EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
         snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", major);
-        SetFlavour(ctx, classbuf);
+        SetFlavor(ctx, classbuf);
         if (minor != -1)
         {
             snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", minor);
@@ -2186,7 +2186,7 @@ static void LinuxDebianSanitizeIssue(char *buffer)
 
 static int Linux_Misc_Version(EvalContext *ctx)
 {
-    char flavor[CF_MAXVARSIZE];
+    char flavor[CF_BUFSIZE];
     char version[CF_MAXVARSIZE];
     char os[CF_MAXVARSIZE];
     char buffer[CF_BUFSIZE];
@@ -2227,7 +2227,7 @@ static int Linux_Misc_Version(EvalContext *ctx)
 
     if (*os && *version)
     {
-        snprintf(flavor, CF_MAXVARSIZE, "%s_%s", os, version);
+        snprintf(flavor, CF_BUFSIZE, "%s_%s", os, version);
         SetFlavor(ctx, flavor);
         return 1;
     }
@@ -2242,7 +2242,7 @@ static int Linux_Debian_Version(EvalContext *ctx)
     int major = -1;
     int release = -1;
     int result;
-    char classname[CF_MAXVARSIZE], buffer[CF_MAXVARSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE];
+    char classname[CF_BUFSIZE], buffer[CF_BUFSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE];
 
     Log(LOG_LEVEL_VERBOSE, "This appears to be a debian system.");
     EvalContextClassPutHard(
@@ -2276,7 +2276,7 @@ static int Linux_Debian_Version(EvalContext *ctx)
 
     case 1:
         Log(LOG_LEVEL_VERBOSE, "This appears to be a Debian %u system.", major);
-        snprintf(classname, CF_MAXVARSIZE, "debian_%u", major);
+        snprintf(classname, CF_BUFSIZE, "debian_%u", major);
         SetFlavor(ctx, classname);
         break;
 
@@ -2285,11 +2285,8 @@ static int Linux_Debian_Version(EvalContext *ctx)
         sscanf(buffer, "%25[^/]", version);
         if (strlen(version) > 0)
         {
-            snprintf(classname, CF_MAXVARSIZE, "debian_%s", version);
-            EvalContextClassPutHard(
-                ctx,
-                classname,
-                "inventory,attribute_name=none,source=agent,derived-from-file="DEBIAN_VERSION_FILENAME);
+            snprintf(classname, CF_BUFSIZE, "debian_%s", version);
+            EvalContextClassPutHard(ctx, classname, "inventory,attribute_name=none,source=agent");
         }
         break;
     }
@@ -2543,13 +2540,13 @@ static int EOS_Version(EvalContext *ctx)
     {
         if (strstr(buffer, "EOS"))
         {
-            char version[CF_MAXVARSIZE], class[CF_MAXVARSIZE];
+            char version[CF_MAXVARSIZE], class[CF_BUFSIZE];
             EvalContextClassPutHard(ctx, "eos", "inventory,attribute_name=none,source=agent");
             EvalContextClassPutHard(ctx, "arista", "source=agent");
             version[0] = '\0';
             sscanf(buffer, "%*s %*s %*s %s", version);
             CanonifyNameInPlace(version);
-            snprintf(class, CF_MAXVARSIZE, "eos_%s", version);
+            snprintf(class, CF_BUFSIZE, "eos_%s", version);
             EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
         }
     }
@@ -2569,14 +2566,14 @@ static int MiscOS(EvalContext *ctx)
     {
        if (strstr(buffer, "BIG-IP"))
        {
-           char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_MAXVARSIZE];
+           char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_BUFSIZE];
            EvalContextClassPutHard(ctx, "big_ip", "inventory,attribute_name=none,source=agent");
            sscanf(buffer, "%*s %s %*s %s", version, build);
            CanonifyNameInPlace(version);
            CanonifyNameInPlace(build);
-           snprintf(class, CF_MAXVARSIZE, "big_ip_%s", version);
+           snprintf(class, CF_BUFSIZE, "big_ip_%s", version);
            EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
-           snprintf(class, CF_MAXVARSIZE, "big_ip_%s_%s", version, build);
+           snprintf(class, CF_BUFSIZE, "big_ip_%s_%s", version, build);
            EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent");
            SetFlavor(ctx, "BIG-IP");
        }
@@ -2589,7 +2586,8 @@ static int MiscOS(EvalContext *ctx)
 
 static int VM_Version(EvalContext *ctx)
 {
-    char *sp, buffer[CF_BUFSIZE], classbuf[CF_BUFSIZE], version[CF_BUFSIZE];
+#define CF_CLASSBUFSIZE 2*CF_BUFSIZE
+    char *sp, buffer[CF_BUFSIZE], classbuf[CF_CLASSBUFSIZE], version[CF_BUFSIZE];
     int major, minor, bug;
     int sufficient = 0;
 
@@ -2601,17 +2599,17 @@ static int VM_Version(EvalContext *ctx)
     {
         if (sscanf(buffer, "VMware ESX Server %d.%d.%d", &major, &minor, &bug) > 0)
         {
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d", major);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d", major);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d", major, minor);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d", major, minor);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
             sufficient = 1;
         }
         else if (sscanf(buffer, "VMware ESX Server %s", version) > 0)
         {
-            snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %s", version);
+            snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %s", version);
             EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent");
             sufficient = 1;
         }
diff --git a/libpromises/cf3globals.c b/libpromises/cf3globals.c
index 7915affc07fc..932dd62456f9 100644
--- a/libpromises/cf3globals.c
+++ b/libpromises/cf3globals.c
@@ -55,7 +55,7 @@ long LASTSEENEXPIREAFTER = SECONDS_PER_WEEK; /* GLOBAL_P */
 bool DONTDO = false; /* GLOBAL_A */
 
 /* NB! Check use before changing sizes */
-char VFQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */
+char VFQNAME[CF_BUFSIZE] = ""; /* GLOBAL_E GLOBAL_P */
 char VUQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E */
 char VDOMAIN[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */
 
diff --git a/libpromises/cf3lex.l b/libpromises/cf3lex.l
index c28c4302a74a..766fe3fd7896 100644
--- a/libpromises/cf3lex.l
+++ b/libpromises/cf3lex.l
@@ -334,7 +334,7 @@ promise_type   [a-zA-Z_]+:
                           {
                               yyerror("identifier too long");
                           }
-                          strncpy(P.currentid, yytext, CF_MAXVARSIZE);
+                          strncpy(P.currentid, yytext, CF_MAXVARSIZE-1);
                           return IDSYNTAX;
                       }
 
@@ -347,7 +347,7 @@ promise_type   [a-zA-Z_]+:
                           {
                               yyerror("qualified identifier too long");
                           }
-                          strncpy(P.currentid, yytext, CF_MAXVARSIZE);
+                          strncpy(P.currentid, yytext, CF_MAXVARSIZE-1);
                           return IDSYNTAX;
                       }
 
@@ -441,7 +441,7 @@ promise_type   [a-zA-Z_]+:
 
                           tmp = xstrdup(yytext);
                           tmp[yyleng - 1] = '\0';
-                          strncpy(P.currenttype, tmp, CF_MAXVARSIZE);
+                          strncpy(P.currenttype, tmp, CF_MAXVARSIZE-1);
 
                           if (P.currentclasses != NULL)
                           {
diff --git a/libpromises/cf3parse.y b/libpromises/cf3parse.y
index 9fea664a9874..5e5268d9f372 100644
--- a/libpromises/cf3parse.y
+++ b/libpromises/cf3parse.y
@@ -1142,7 +1142,7 @@ functionid:            IDSYNTAX
                      | NAKEDVAR
                        {
                            ParserDebug("\tP:%s:%s:%s:%s function nakedvar = %s\n", P.block, P.blocktype, P.blockid, P.currentclasses ? P.currentclasses : "any", P.currentstring);
-                           strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE); // Make a var look like an ID
+                           strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE-1); // Make a var look like an ID
                            free(P.currentstring);
                            P.currentstring = NULL;
                        }
diff --git a/libpromises/eval_context.c b/libpromises/eval_context.c
index 7c7ffd069e3e..497ea48874c3 100644
--- a/libpromises/eval_context.c
+++ b/libpromises/eval_context.c
@@ -1571,7 +1571,7 @@ Class *EvalContextClassMatch(const EvalContext *ctx, const char *regex)
 static bool EvalContextClassPut(EvalContext *ctx, const char *ns, const char *name, bool is_soft, ContextScope scope, const char *tags)
 {
     {
-        char context_copy[CF_MAXVARSIZE];
+        char context_copy[CF_BUFSIZE];
         char canonified_context[CF_MAXVARSIZE];
 
 
@@ -1594,7 +1594,7 @@ static bool EvalContextClassPut(EvalContext *ctx, const char *ns, const char *na
 
         if (ns && strcmp(ns, "default") != 0)
         {
-            snprintf(context_copy, CF_MAXVARSIZE, "%s:%s", ns, canonified_context);
+            snprintf(context_copy, CF_BUFSIZE, "%s:%s", ns, canonified_context);
         }
         else
         {
diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c
index 505a2e6d140b..6fb0f261fafc 100644
--- a/libpromises/evalfunction.c
+++ b/libpromises/evalfunction.c
@@ -496,7 +496,7 @@ static Rlist *GetHostsFromLastseenDB(Item *addresses, time_t horizon, bool retur
     Item *ip;
     time_t now = time(NULL);
     double entrytime;
-    char address[CF_MAXVARSIZE];
+    char address[CF_BUFSIZE];
 
     for (ip = addresses; ip != NULL; ip = ip->next)
     {
diff --git a/libpromises/expand.c b/libpromises/expand.c
index 37da303b189e..0494a3c1be29 100644
--- a/libpromises/expand.c
+++ b/libpromises/expand.c
@@ -870,7 +870,7 @@ static void ResolveControlBody(EvalContext *ctx, GenericAgentConfig *config,
 
             EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "domain");
             EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost");
-            snprintf(VFQNAME, CF_MAXVARSIZE, "%s.%s", VUQNAME, VDOMAIN);
+            snprintf(VFQNAME, CF_BUFSIZE, "%s.%s", VUQNAME, VDOMAIN);
             EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost",
                                           VFQNAME, CF_DATA_TYPE_STRING,
                                           "inventory,source=agent,attribute_name=Host name");
diff --git a/libpromises/keyring.c b/libpromises/keyring.c
index a8e4f2c8c640..55e52c28a358 100644
--- a/libpromises/keyring.c
+++ b/libpromises/keyring.c
@@ -83,9 +83,9 @@ int RemovePublicKey(const char *id)
 
         if (c && c[strlen(suffix)] == '\0')     /* dirp->d_name ends with suffix */
         {
-            char keyfilename[CF_BUFSIZE];
+            char keyfilename[CF_BUFSIZE * 2];
 
-            snprintf(keyfilename, CF_BUFSIZE, "%s/%s", keysdir, dirp->d_name);
+            snprintf(keyfilename, CF_BUFSIZE * 2, "%s/%s", keysdir, dirp->d_name);
             MapName(keyfilename);
 
             if (unlink(keyfilename) < 0)
diff --git a/tests/unit/logging_test.c b/tests/unit/logging_test.c
index e625e2b8c945..dc6ee2451a88 100644
--- a/tests/unit/logging_test.c
+++ b/tests/unit/logging_test.c
@@ -6,7 +6,7 @@
 #include <syslog_client.h>
 #include <string_lib.h>
 
-char VFQNAME[CF_MAXVARSIZE];
+char VFQNAME[CF_BUFSIZE];
 char VPREFIX[CF_MAXVARSIZE];
 
 static struct sockaddr *got_address;
diff --git a/tests/unit/set_domainname_test.c b/tests/unit/set_domainname_test.c
index 55cd05c17463..87a9dace0d68 100644
--- a/tests/unit/set_domainname_test.c
+++ b/tests/unit/set_domainname_test.c
@@ -9,7 +9,7 @@
 
 /* Global variables we care about */
 
-char VFQNAME[CF_MAXVARSIZE];
+char VFQNAME[CF_BUFSIZE];
 char VUQNAME[CF_MAXVARSIZE];
 char VDOMAIN[CF_MAXVARSIZE];
 
-- 
2.24.0