--- /dev/null
+diff -urN anubis-3.6.2/src/auth.c anubis-3.6.2-fix/src/auth.c
+--- anubis-3.6.2/src/auth.c Wed Dec 4 22:43:34 2002
++++ anubis-3.6.2-fix/src/auth.c Wed Feb 25 20:29:40 2004
+@@ -42,6 +42,66 @@
+ IDENT protocol support
+ ************************/
+
++#define USERNAME_C "USERID :"
++
++/* If the reply matches sscanf expression
++
++ "%*[^:]: USERID :%*[^:]:%s"
++
++ and the length of "%s" part does not exceed size-1 bytes,
++ copies this part to USERNAME and returns 0. Otherwise,
++ returns 1 */
++
++static int
++ident_extract_username(char *reply, char *username, size_t size)
++{
++ char *p;
++
++ p = strchr (reply, ':');
++ if (!p)
++ return 1;
++ if (p[1] != ' '
++ || strncmp (p + 2, USERNAME_C, sizeof (USERNAME_C) - 1))
++ return 1;
++ p += 2 + sizeof (USERNAME_C) - 1;
++ p = strchr (p, ':');
++ if (!p)
++ return 1;
++ p++;
++ if (strlen (p) >= size)
++ return 1;
++ strcpy(username, p);
++ return 0;
++}
++
++/* If the reply matches sscanf expression
++
++ "%*[^ ] %*[^ ] %*[^ ] %*[^ ] %*[^ ] %s"
++
++ and the length of "%s" part does not exceed size-1 bytes,
++ copies this part to USERNAME and returns 0. Otherwise,
++ returns 1 */
++
++static int
++crypt_extract_username(char *reply, char *username, size_t size)
++{
++ int i;
++ char *p = reply;
++#define skip_word(c) while (*c && (*c) != ' ') c++
++
++ /* Skip five words */
++ for (i = 0; i < 5; i++) {
++ skip_word(p);
++ if (!*p++)
++ return 1;
++ }
++
++ if (strlen (p) >= size)
++ return 1;
++ strcpy(username, p);
++ return 0;
++}
++
+ int
+ auth_ident(struct sockaddr_in *addr, char *user, int size)
+ {
+@@ -51,7 +111,8 @@
+ int sd = 0;
+
+ if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+- anubis_error(SOFT, _("IDENT: socket() failed: %s."), strerror(errno));
++ anubis_error(SOFT, _("IDENT: socket() failed: %s."),
++ strerror(errno));
+ return 0;
+ }
+ memcpy(&ident, addr, sizeof(ident));
+@@ -69,11 +130,7 @@
+ info(VERBOSE, _("IDENT: connected to %s:%u"),
+ inet_ntoa(ident.sin_addr), ntohs(ident.sin_port));
+
+- #ifdef HAVE_SNPRINTF
+ snprintf(buf, LINEBUFFER,
+- #else
+- sprintf(buf,
+- #endif /* HAVE_SNPRINTF */
+ "%u , %u"CRLF, ntohs(addr->sin_port), session.tunnel_port);
+
+ if (send(sd, buf, strlen(buf), 0) == -1) {
+@@ -89,7 +146,8 @@
+ close_socket(sd);
+ memset(user, 0, size);
+
+- if (sscanf(buf, "%*[^:]: USERID :%*[^:]:%s", user) != 1) {
++ remcrlf (buf);
++ if (ident_extract_username(buf, user, size)) {
+ info(VERBOSE, _("IDENT: incorrect data."));
+ return 0;
+ }
+@@ -105,7 +163,8 @@
+ if (rs == -1)
+ return 0;
+
+- if (sscanf(buf, "%*[^ ] %*[^ ] %*[^ ] %*[^ ] %*[^ ] %s", user) != 1) {
++ remcrlf (buf);
++ if (crypt_extract_username(buf, user, size)) {
+ info(VERBOSE, _("IDENT: incorrect data (DES deciphered)."));
+ return 0;
+ }
+diff -urN anubis-3.6.2/src/errs.c anubis-3.6.2-fix/src/errs.c
+--- anubis-3.6.2/src/errs.c Wed Dec 4 22:42:02 2002
++++ anubis-3.6.2-fix/src/errs.c Wed Feb 25 20:33:49 2004
+@@ -51,7 +51,7 @@
+ if (options.slogfile)
+ filelog(options.slogfile, txt);
+ else
+- syslog(LOG_ERR | LOG_MAIL, txt);
++ syslog(LOG_ERR | LOG_MAIL, "%s", txt);
+
+ if (options.ulogfile && options.uloglevel >= FAILS)
+ filelog(options.ulogfile, txt);
+diff -urN anubis-3.6.2/src/log.c anubis-3.6.2-fix/src/log.c
+--- anubis-3.6.2/src/log.c Wed Dec 4 22:42:26 2002
++++ anubis-3.6.2-fix/src/log.c Wed Feb 25 20:32:30 2004
+@@ -70,7 +70,7 @@
+ if (options.slogfile)
+ filelog(options.slogfile, txt);
+ else
+- syslog(LOG_INFO | LOG_MAIL, txt);
++ syslog(LOG_INFO | LOG_MAIL, "%s", txt);
+
+ if (options.ulogfile && options.uloglevel >= ALL)
+ filelog(options.ulogfile, txt);
+diff -urN anubis-3.6.2/src/ssl.c anubis-3.6.2-fix/src/ssl.c
+--- anubis-3.6.2/src/ssl.c Wed Dec 4 22:40:45 2002
++++ anubis-3.6.2-fix/src/ssl.c Wed Feb 25 20:33:28 2004
+@@ -64,7 +64,7 @@
+ if (options.termlevel != SILENT) {
+ #ifdef HAVE_SYSLOG
+ if ((topt & T_DAEMON) && !(topt & T_FOREGROUND))
+- syslog(LOG_ERR | LOG_MAIL, string_error);
++ syslog(LOG_ERR | LOG_MAIL, "%s", string_error);
+ else
+ #endif /* HAVE_SYSLOG */
+ mprintf(">>%s", string_error);