--- /dev/null
+--- main.c.orig 2010-03-04 03:11:14.000000000 +0100
++++ main.c 2010-03-06 22:34:46.000000000 +0100
+@@ -3888,7 +3888,10 @@
+ if (argc > 1) {
+ for (i = 1; i < argc; i++) {
+ if (strstr(argv[i], "path") || strstr(argv[i], "log")) {
+- strcpy(buffer, argv[i]);
++ //This is a security flaw (see http://bugs.debian.org/203541
++ //strcpy(buffer, argv[i]);
++ memset(buffer,'\0',sizeof(buffer));
++ strncpy(buffer,argv[i],sizeof(buffer)-1);
+ result = Option(tree);
+ if (result == 0)
+ printf("ERROR \"%s\" is unknown command-line option\n", buffer);
+@@ -3967,7 +3970,10 @@
+ for (i = 1; i < argc; i++)
+ if (strcmp(argv[i], "c"))
+ if (!strstr(argv[i], "path")) {
+- strcpy(buffer, argv[i]);
++ //This is a security flaw (see http://bugs.debian.org/203541
++ //strcpy(buffer, argv[i]);
++ memset(buffer,'\0',sizeof(buffer));
++ strncpy(buffer,argv[i],sizeof(buffer)-1);
+ result = Option(tree);
+ if (result == 0)
+ printf("ERROR \"%s\" is unknown command-line option\n", buffer);
+@@ -3996,11 +4002,16 @@
+ */
+ #if defined(UNIX)
+ input_stream = fopen(".craftyrc", "r");
+- if (!input_stream)
++ if (!input_stream) {
+ if ((pwd = getpwuid(getuid()))) {
+ sprintf(path, "%s/.craftyrc", pwd->pw_dir);
+ input_stream = fopen(path, "r");
+ }
++ if (!input_stream) {
++ sprintf (path, "%s/crafty.rc", rc_path);
++ input_stream = fopen (path, "r");
++ }
++ }
+ if (input_stream)
+ #else
+ sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);
+