-diff -ru BitchX-old/source/banlist.c BitchX/source/banlist.c
---- BitchX-old/source/banlist.c 2002-02-28 06:22:46.000000000 +0200
-+++ BitchX/source/banlist.c 2003-03-13 20:09:01.000000000 +0200
-@@ -277,30 +277,30 @@
- case 7:
- if (ip)
- {
-- sprintf(banstr, "*!*@%s", cluster(ip));
-+ snprintf(banstr, sizeof(banstr), "*!*@%s", cluster(ip));
- break;
- }
- case 2: /* Better */
-- sprintf(banstr, "*!*%s@%s", t1, cluster(host));
-+ snprintf(banstr, sizeof(banstr), "*!*%s@%s", t1, cluster(host));
- break;
- case 3: /* Host */
-- sprintf(banstr, "*!*@%s", host);
-+ snprintf(banstr, sizeof(banstr), "*!*@%s", host);
- break;
- case 4: /* Domain */
-- sprintf(banstr, "*!*@*%s", strrchr(host, '.'));
-+ snprintf(banstr, sizeof(banstr), "*!*@*%s", strrchr(host, '.'));
- break;
- case 5: /* User */
-- sprintf(banstr, "*!%s@%s", t, cluster(host));
-+ snprintf(banstr, sizeof(banstr), "*!%s@%s", t, cluster(host));
- break;
- case 6: /* Screw */
- malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host);
-- strcpy(banstr, screw(tmpstr));
-+ strmcpy(banstr, screw(tmpstr), sizeof(banstr)-1);
- new_free(&tmpstr);
- break;
- case 1: /* Normal */
- default:
- {
-- sprintf(banstr, "%s!*%s@%s", nick, t1, host);
-+ snprintf(banstr, sizeof(banstr), "%s!*%s@%s", nick, t1, host);
- break;
- }
- }
-diff -ru BitchX-old/source/ctcp.c BitchX/source/ctcp.c
---- BitchX-old/source/ctcp.c 2002-02-28 06:22:47.000000000 +0200
-+++ BitchX/source/ctcp.c 2003-03-13 19:59:35.000000000 +0200
-@@ -1482,6 +1482,7 @@
- *putbuf2;
- int len;
- len = IRCD_BUFFER_SIZE - (12 + strlen(to));
-+ if (len <= 2) return;
- putbuf2 = alloca(len);
-
- if (format)
-diff -ru BitchX-old/source/misc.c BitchX/source/misc.c
---- BitchX-old/source/misc.c 2002-03-24 11:31:07.000000000 +0200
-+++ BitchX/source/misc.c 2003-03-13 20:02:13.000000000 +0200
-@@ -3121,19 +3121,19 @@
- {
- if (*hostname == '~')
- hostname++;
-- strcpy(result, hostname);
-+ strmcpy(result, hostname, sizeof(result)-1);
- *strchr(result, '@') = '\0';
- if (strlen(result) > 9)
- {
- result[8] = '*';
- result[9] = '\0';
- }
-- strcat(result, "@");
-+ strmcat(result, "@", sizeof(result)-1);
- if (!(hostname = strchr(hostname, '@')))
- return NULL;
- hostname++;
- }
-- strcpy(host, hostname);
-+ strmcpy(host, hostname, sizeof(host)-1);
-
- if (*host && isdigit(*(host + strlen(host) - 1)))
- {
-@@ -3154,8 +3154,8 @@
- for (i = 0; i < count; i++)
- tmp = strchr(tmp, '.') + 1;
- *tmp = '\0';
-- strcat(result, host);
-- strcat(result, "*");
-+ strmcat(result, host, sizeof(result)-1);
-+ strmcat(result, "*", sizeof(result)-1);
- }
- else
- {
-@@ -3177,10 +3177,10 @@
- else
- return (char *) NULL;
- }
-- strcat(result, "*");
-+ strmcat(result, "*", sizeof(result)-1);