--- /dev/null
+diff -ru BitchX-old/source/banlist.c BitchX/source/banlist.c
+--- BitchX-old/source/banlist.c 2002-02-28 06:22:46.000000000 +0200
++++ BitchX/source/banlist.c 2003-03-13 20:09:01.000000000 +0200
+@@ -277,30 +277,30 @@
+ case 7:
+ if (ip)
+ {
+- sprintf(banstr, "*!*@%s", cluster(ip));
++ snprintf(banstr, sizeof(banstr), "*!*@%s", cluster(ip));
+ break;
+ }
+ case 2: /* Better */
+- sprintf(banstr, "*!*%s@%s", t1, cluster(host));
++ snprintf(banstr, sizeof(banstr), "*!*%s@%s", t1, cluster(host));
+ break;
+ case 3: /* Host */
+- sprintf(banstr, "*!*@%s", host);
++ snprintf(banstr, sizeof(banstr), "*!*@%s", host);
+ break;
+ case 4: /* Domain */
+- sprintf(banstr, "*!*@*%s", strrchr(host, '.'));
++ snprintf(banstr, sizeof(banstr), "*!*@*%s", strrchr(host, '.'));
+ break;
+ case 5: /* User */
+- sprintf(banstr, "*!%s@%s", t, cluster(host));
++ snprintf(banstr, sizeof(banstr), "*!%s@%s", t, cluster(host));
+ break;
+ case 6: /* Screw */
+ malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host);
+- strcpy(banstr, screw(tmpstr));
++ strmcpy(banstr, screw(tmpstr), sizeof(banstr)-1);
+ new_free(&tmpstr);
+ break;
+ case 1: /* Normal */
+ default:
+ {
+- sprintf(banstr, "%s!*%s@%s", nick, t1, host);
++ snprintf(banstr, sizeof(banstr), "%s!*%s@%s", nick, t1, host);
+ break;
+ }
+ }
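Review bot: In case 4 the result of `strrchr(host, '.')` is still passed straight to `%s`, so a host with no dot hands snprintf a NULL pointer, which is undefined behaviour. Guard it, for example `const char *dot = strrchr(host, '.');` followed by `snprintf(banstr, sizeof(banstr), "*!*@*%s", dot ? dot : host);`, which falls back to the whole host. `sizeof(banstr)` only bounds the writes if banstr is an array in this scope; its declaration is outside the hunk, so confirm it is not a `char *`. The snprintf return values are ignored, so a truncated ban mask would be used as if it were complete.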
+diff -ru BitchX-old/source/ctcp.c BitchX/source/ctcp.c
+--- BitchX-old/source/ctcp.c 2002-02-28 06:22:47.000000000 +0200
++++ BitchX/source/ctcp.c 2003-03-13 19:59:35.000000000 +0200
+@@ -1482,6 +1482,7 @@
+ *putbuf2;
+ int len;
+ len = IRCD_BUFFER_SIZE - (12 + strlen(to));
++ if (len <= 2) return;
+ putbuf2 = alloca(len);
+
+ if (format)
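Review bot: The subtraction in `len = IRCD_BUFFER_SIZE - (12 + strlen(to));` is presumably evaluated in unsigned `size_t` and only then converted to `int`, so the new `len <= 2` test relies on an out-of-range conversion producing a negative value. Checking the input before subtracting avoids that dependency: `size_t tolen = strlen(to);` then `if (tolen + 14 >= IRCD_BUFFER_SIZE) return;`. The early return also drops the message silently, so a short comment such as `/* target too long to leave room for a payload */` would help the next reader. The function starts and ends outside the hunk.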
+diff -ru BitchX-old/source/misc.c BitchX/source/misc.c
+--- BitchX-old/source/misc.c 2002-03-24 11:31:07.000000000 +0200
++++ BitchX/source/misc.c 2003-03-13 20:02:13.000000000 +0200
+@@ -3121,19 +3121,19 @@
+ {
+ if (*hostname == '~')
+ hostname++;
+- strcpy(result, hostname);
++ strmcpy(result, hostname, sizeof(result)-1);
+ *strchr(result, '@') = '\0';
+ if (strlen(result) > 9)
+ {
+ result[8] = '*';
+ result[9] = '\0';
+ }
+- strcat(result, "@");
++ strmcat(result, "@", sizeof(result)-1);
+ if (!(hostname = strchr(hostname, '@')))
+ return NULL;
+ hostname++;
+ }
+- strcpy(host, hostname);
++ strmcpy(host, hostname, sizeof(host)-1);
+
+ if (*host && isdigit(*(host + strlen(host) - 1)))
+ {
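Review bot: `*strchr(result, '@') = '\0';` now writes through NULL when the user part of hostname is longer than result, because the bounded strmcpy cuts the copy off before the `@`. The same write already faults for input with no `@` at all, which is only tested a few lines later. Look the separator up first and bail out if it is missing: `char *at = strchr(result, '@');`, `if (!at) return NULL;`, `*at = '\0';`. `sizeof(result)` and `sizeof(host)` bound the copies only if both are arrays in this scope; their declarations are outside the hunk.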
+@@ -3154,8 +3154,8 @@
+ for (i = 0; i < count; i++)
+ tmp = strchr(tmp, '.') + 1;
+ *tmp = '\0';
+- strcat(result, host);
+- strcat(result, "*");
++ strmcat(result, host, sizeof(result)-1);
++ strmcat(result, "*", sizeof(result)-1);
+ }
+ else
+ {
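Review bot: The strmcat calls here and in the hunk at 3177 truncate silently, so an over-long host yields a mask with its tail or the trailing `*` cut off, and the function still returns result as if it were complete. A truncated mask can match a different set of hosts than the caller intended. Since the function already returns NULL on other failures, it could check the length before appending, for example `if (strlen(result) + strlen(host) + 2 > sizeof(result)) return NULL;`. Whether every caller handles a NULL return on this path is not visible here.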
+@@ -3177,10 +3177,10 @@
+ else
+ return (char *) NULL;
+ }
+- strcat(result, "*");
++ strmcat(result, "*", sizeof(result)-1);
+ if (my_stricmp(host, temphost))
+- strcat(result, ".");
+- strcat(result, host);
++ strmcat(result, ".", sizeof(result)-1);
++ strmcat(result, host, sizeof(result)-1);
+ }
+ return result;
+ }
+diff -ru BitchX-old/source/names.c BitchX/source/names.c
+--- BitchX-old/source/names.c 2002-03-25 22:47:30.000000000 +0200
++++ BitchX/source/names.c 2003-03-13 20:10:26.000000000 +0200
+@@ -572,7 +572,7 @@
+
+ *nmodes = 0;
+ *nargs = 0;
+- for (; *modes; modes++)
++ for (; *modes && strlen(nmodes) < sizeof(nmodes)-2; modes++)
+ {
+ isbanned = isopped = isvoiced = 0;
+ switch (*modes)
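Review bot: The added loop condition bounds only nmodes; nargs, which is reset on the line just above the loop, gets no equivalent check in this hunk or in the one at 742. If the loop body appends mode arguments to nargs (the body is outside the hunk), those appends need their own bound, since arguments are normally longer than mode letters. The `-2` margin assumes no more than two characters are added to nmodes per iteration, which should be confirmed against the body. When the loop stops early the remaining modes are dropped without notice, so a comment such as `/* stop before nmodes overflows; excess modes are ignored */` would document the intent.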
+@@ -742,7 +742,7 @@
+
+ /* modes which can be done multiple times are added here */
+
+- for (tucm = ucm; tucm; tucm = tucm->next)
++ for (tucm = ucm; tucm && strlen(nmodes) < sizeof(nmodes)-2; tucm = tucm->next)
+ {
+ if (tucm->o_ed)
+ {
+diff -ru BitchX-old/source/notice.c BitchX/source/notice.c
+--- BitchX-old/source/notice.c 2002-02-28 06:22:50.000000000 +0200
++++ BitchX/source/notice.c 2003-03-13 20:07:39.000000000 +0200
+@@ -422,10 +422,10 @@
+ {
+ char *q = strchr(line, ':');
+ char *port = empty_string;
+- int conn = !strncmp(line+7, "connect", 7) ? 1 : 0;
++ int conn = strlen(line) > 7 && !strncmp(line+7, "connect", 7) ? 1 : 0;
+ int dalnet = 0, ircnet = 0;
+
+- if (*(line+18) == ':')
++ if (strlen(line) > 18 && *(line+18) == ':')
+ q = NULL;
+ else
+ dalnet = (q == NULL);
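Review bot: The `conn` initialiser mixes `>`, `&&`, `!` and `?:` without parentheses, and strlen(line) is computed twice in this hunk. Taking the length once makes both offset guards obvious: `size_t linelen = strlen(line);`, `int conn = (linelen > 7 && !strncmp(line + 7, "connect", 7));`, `if (linelen > 18 && line[18] == ':')`. Behaviour is unchanged by this rewrite.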
+@@ -462,7 +462,7 @@
+ else sscanf(p, "%s was %s from %s", for_, fr, temp);
+
+ q = p;
+- sprintf(q, "%s@%s", fr, temp);
++ snprintf(q, strlen(q)+1, "%s@%s", fr, temp);
+ if (!conn)
+ {
+ port = strstr(temp2, "reason:");
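Review bot: The `sscanf(p, "%s was %s from %s", for_, fr, temp)` on the line above the change still uses unbounded `%s` conversions, so the kind of overflow this patch targets remains possible one statement earlier. The sizes of for_, fr and temp are declared outside the hunk; add field widths one less than each array size, for example `%63s` for a 64-byte array (an illustrative size, not taken from the file). The sscanf return value is also unchecked, so if fewer than three fields match, the snprintf may read buffers that were never filled. The new bound `strlen(q)+1` limits the write to the current string in p rather than to p's allocation, which is safe but truncates silently; a one-line comment saying so would help.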
+diff -ru BitchX-old/source/server.c BitchX/source/server.c
+--- BitchX-old/source/server.c 2002-03-25 07:21:24.000000000 +0200
++++ BitchX/source/server.c 2003-03-13 20:10:00.000000000 +0200
+@@ -474,11 +474,11 @@
+ }
+ else
+ #endif
+- junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, server_list[i].ssl_fd);
++ junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, server_list[i].ssl_fd);
+ }
+ else
+ #endif
+- junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, NULL);
++ junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, NULL);
+ }
+ switch (junk)
+ {
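Review bot: `BIG_BUFFER_SIZE/2` is passed as the read limit with no explanation of why half the buffer is the right bound, here and in the hunks at 1741 and 1751. If the intent is to leave headroom for later expansion of the received line (an assumption; the consumers are outside these hunks), give the limit a name and a comment, for example `#define SERVER_READ_MAX (BIG_BUFFER_SIZE / 2) /* leave room for expansion of the received line */`, and use it at all four call sites. The sizes of bufptr and buffer are not visible here, so confirm that each is at least as large as the limit assumes.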
+@@ -1741,7 +1741,7 @@
+ default:
+ if (FD_ISSET(des, &rd))
+ {
+- if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE, NULL))
++ if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE/2, NULL))
+ flushing = 0;
+ }
+ break;
+@@ -1751,7 +1751,7 @@
+ FD_ZERO(&rd);
+ FD_SET(des, &rd);
+ if (new_select(&rd, NULL, &timeout) > 0)
+- dgets(buffer, des, 1, BIG_BUFFER_SIZE, NULL);
++ dgets(buffer, des, 1, BIG_BUFFER_SIZE/2, NULL);
+ }