--- /dev/null
+--- cyrus-imapd-2.0.16/imap/imapparse.c.orig Mon Jul 16 21:31:14 2001
++++ cyrus-imapd-2.0.16/imap/imapparse.c Thu Dec 5 11:53:09 2002
+@@ -52,7 +52,7 @@
+ struct buf *buf, int type)
+ {
+ int c;
+- int i, len = 0;
++ unsigned int i, len = 0;
+ int sawdigit = 0;
+ int isnowait;
+
+@@ -168,6 +168,16 @@
+ if (c != EOF) prot_ungetc(c, pin);
+ return EOF;
+ }
++ if (len > 65536) {
++ if (isnowait) {
++ for (i = 0; i < len; i++)
++ c = prot_getc(pin);
++ }
++ prot_printf(pout, "* BAD Literal too large\r\n");
++ prot_flush(pout);
++ if (c != EOF) prot_ungetc(c, pin);
++ return EOF;
++ }
+ if (len >= buf->alloc) {
+ buf->alloc = len+1;
+ buf->s = xrealloc(buf->s, buf->alloc+1);
--- /dev/null
+--- cyrus-imapd-2.0.16/sieve/addr.y.orig Sat Jul 15 06:32:32 2000
++++ cyrus-imapd-2.0.16/sieve/addr.y Thu Dec 5 11:35:29 2002
+@@ -87,8 +87,9 @@
+ /* copy address error message into buffer provided by sieve parser */
+ int yyerror(char *s)
+ {
+-extern char addrerr[];
++extern char addrerr[500];
+
+- strcpy(addrerr, s);
++ strncpy(addrerr, s, sizeof(addrerr)-1);
++ addrerr[sizeof(addrerr)-1] = '\0';
+ return 0;
+ }
+--- cyrus-imapd-2.0.16/sieve/sieve.y.orig Mon Dec 18 05:53:43 2000
++++ cyrus-imapd-2.0.16/sieve/sieve.y Thu Dec 5 11:36:52 2002
+@@ -599,7 +599,7 @@
+
+ addrptr = s;
+ if (addrparse()) {
+- sprintf(errbuf, "address '%s': %s", s, addrerr);
++ snprintf(errbuf, sizeof(errbuf), "address '%s': %s", s, addrerr);
+ yyerror(errbuf);
+ return 0;
+ }
+@@ -633,14 +633,14 @@
+ if (strcmp(f, "\\seen") && strcmp(f, "\\answered") &&
+ strcmp(f, "\\flagged") && strcmp(f, "\\draft") &&
+ strcmp(f, "\\deleted")) {
+- sprintf(errbuf, "flag '%s': not a system flag", f);
++ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a system flag", f);
+ yyerror(errbuf);
+ return 0;
+ }
+ return 1;
+ }
+ if (!imparse_isatom(f)) {
+- sprintf(errbuf, "flag '%s': not a valid keyword", f);
++ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid keyword", f);
+ yyerror(errbuf);
+ return 0;
+ }
--- /dev/null
+--- cyrus-imapd-2.0.16/imap/fud.c.orig Tue Dec 3 10:38:01 2002
++++ cyrus-imapd-2.0.16/imap/fud.c Thu Dec 5 12:04:22 2002
+@@ -313,7 +313,7 @@
+ sendto(soc,"PERMDENY",9,0,(struct sockaddr *) &sfrom, sizeof(sfrom));
+ break;
+ case REQ_OK:
+- siz = sprintf(buf,"%s|%s|%d|%d|%d",user,mbox,numrecent,(int) lastread,(int) lastarrived);
++ siz = sprintf(buf,sizeof(buf),"%s|%s|%d|%d|%d",user,mbox,numrecent,(int) lastread,(int) lastarrived);
+ sendto(soc,buf,siz,0,(struct sockaddr *) &sfrom, sizeof(sfrom));
+ break;
+ case REQ_UNK: