--- eggdrop/src~/mod/server.mod/servmsg.c	2007-08-12 16:39:34.000000000 +0200
+++ eggdrop/src/mod/server.mod/servmsg.c	2007-08-12 16:39:52.000000000 +0200
@@ -461,7 +461,8 @@
   to = newsplit(&msg);
   fixcolon(msg);
   /* Only check if flood-ctcp is active */
-  strcpy(uhost, from);
+  strncpy(uhost, from, sizeof(buf));
+  buf[sizeof(buf) - 1] = '\0';
   nick = splitnick(&uhost);
   if (flud_ctcp_thr && detect_avalanche(msg)) {
     if (!ignoring) {
@@ -471,7 +472,7 @@
         p++;
       else
         p = uhost;
-      simple_sprintf(ctcpbuf, "*!*@%s", p);
+      snprintf(ctcpbuf, sizeof(ctcpbuf), "*!*@%s", p);
       addignore(ctcpbuf, botnetnick, "ctcp avalanche",
                 now + (60 * ignore_time));
     }
@@ -486,8 +487,12 @@
       p++;
     if (*p == 1) {
       *p = 0;
-      ctcp = strcpy(ctcpbuf, p1);
-      strcpy(p1 - 1, p + 1);
+      ctcp = strncpy(ctcpbuf, p1, sizeof(ctcpbuf));
+      ctcpbuf[sizeof(ctcpbuf) - 1] = '\0';
+      /* copy the part after the second : in front of it after
+       * the first :, this is temporary copied to ctcpbuf */
+      strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
+
       if (!ignoring)
         detect_flood(nick, uhost, from,
                      strncmp(ctcp, "ACTION ", 7) ? FLOOD_CTCP : FLOOD_PRIVMSG);