This new beta may be more on the alpha side of beta as it includes a substantial number of changes to improve security. Rather than using the standard strcpy, strcat, etc it now uses the OpenBSD secure string handling functions strlcat and strlcpy and use of sprintf has been changed to snprintf to try and avoid possible buffer overruns. I’m not actually aware of any attacks but this is quite old code so you never know your luck.
I’ve also changed the implementation of the nsearch() function to use strcasestr() which makes it much simpler.
Please test and comment!
ChangeLog for Beta2
2007/01/07 - Added OpenBSD secure string handling functions strlcat and strlcpy. - Added prototypes for strlcat and strlcpy to vacation.h. - Changed vacation.c to use strlcat and strlcpy instead of strcat and strcpy. - Changed vacation.c to use snprintf rather than sprintf. - Made flawfinder ignore snprintf's as they are all constant format strings. - Changed Makefile to build with OpenBSD string functions. - Changed "make clean" to remove vacation in source directory. - Added a dependancy on vacation.h to the various build options. - Replaced the old nsearch() code with simpler code based using strcasestr()