--- /dev/null
+Index: addrtoname.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/addrtoname.c,v
+retrieving revision 1.5
+diff -u -r1.5 addrtoname.c
+--- addrtoname.c 1998/09/15 19:46:59 1.5
++++ addrtoname.c 2000/10/30 10:28:54
+@@ -525,7 +525,7 @@
+ tp->addr = i;
+ tp->nxt = newhnamemem();
+
+- (void)sprintf(buf, "%u", i);
++ (void)snprintf(buf, sizeof(buf), "%u", i);
+ tp->name = savestr(buf);
+ return (tp->name);
+ }
+@@ -551,7 +551,7 @@
+ while (table->name)
+ table = table->nxt;
+ if (nflag) {
+- (void)sprintf(buf, "%d", port);
++ (void)snprintf(buf, sizeof(buf), "%d", port);
+ table->name = savestr(buf);
+ } else
+ table->name = savestr(sv->s_name);
+Index: print-atalk.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-atalk.c,v
+retrieving revision 1.6
+diff -u -r1.6 print-atalk.c
+--- print-atalk.c 1998/09/15 19:46:59 1.6
++++ print-atalk.c 2000/10/30 10:28:54
+@@ -495,7 +495,7 @@
+ {
+ register struct hnamemem *tp, *tp2;
+ register int i = (atnet << 8) | athost;
+- char nambuf[256];
++ char nambuf[MAXHOSTNAMELEN + 20];
+ static int first = 1;
+ FILE *fp;
+
+@@ -540,7 +540,7 @@
+ if (tp2->addr == i) {
+ tp->addr = (atnet << 8) | athost;
+ tp->nxt = newhnamemem();
+- (void)sprintf(nambuf, "%s.%d", tp2->name, athost);
++ (void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
+ tp->name = savestr(nambuf);
+ return (tp->name);
+ }
+;Index: print-fr.c
+;===================================================================
+;RCS file: /mnt/ncvs/src/contrib/tcpdump/print-fr.c,v
+;retrieving revision 1.2
+;diff -u -r1.2 print-fr.c
+;--- print-fr.c 1998/01/01 04:13:43 1.2
+;+++ print-fr.c 2000/10/30 10:28:58
+;@@ -395,12 +395,12 @@
+; break;
+; case LINK_VERIFY_IE_91:
+; case LINK_VERIFY_IE_94:
+;- sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
+;+ snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
+; ptemp[2], ptemp[3]);
+; decode_str = temp_str;
+; break;
+; case PVC_STATUS_IE:
+;- sprintf(temp_str,"DLCI %d: status %s %s",
+;+ snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
+; ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3),
+; ptemp[4] & 0x8 ?"new,":" ",
+; ptemp[4] & 0x2 ?"Active":"Inactive");
+Index: print-icmp.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-icmp.c,v
+retrieving revision 1.3
+diff -u -r1.3 print-icmp.c
+--- print-icmp.c 1997/05/27 02:17:32 1.3
++++ print-icmp.c 2000/10/30 10:28:58
+@@ -172,7 +172,7 @@
+ register const struct ip *oip;
+ register const struct udphdr *ouh;
+ register u_int hlen, dport, mtu;
+- char buf[256];
++ char buf[MAXHOSTNAMELEN + 100];
+
+ dp = (struct icmp *)bp;
+ ip = (struct ip *)bp2;
+@@ -191,7 +191,7 @@
+
+ case ICMP_UNREACH_PROTOCOL:
+ TCHECK(dp->icmp_ip.ip_p);
+- (void)sprintf(buf, "%s protocol %d unreachable",
++ (void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
+ ipaddr_string(&dp->icmp_ip.ip_dst),
+ dp->icmp_ip.ip_p);
+ break;
+@@ -205,21 +205,21 @@
+ switch (oip->ip_p) {
+
+ case IPPROTO_TCP:
+- (void)sprintf(buf,
++ (void)snprintf(buf, sizeof(buf),
+ "%s tcp port %s unreachable",
+ ipaddr_string(&oip->ip_dst),
+ tcpport_string(dport));
+ break;
+
+ case IPPROTO_UDP:
+- (void)sprintf(buf,
++ (void)snprintf(buf, sizeof(buf),
+ "%s udp port %s unreachable",
+ ipaddr_string(&oip->ip_dst),
+ udpport_string(dport));
+ break;
+
+ default:
+- (void)sprintf(buf,
++ (void)snprintf(buf, sizeof(buf),
+ "%s protocol %d port %d unreachable",
+ ipaddr_string(&oip->ip_dst),
+ oip->ip_p, dport);
+@@ -234,11 +234,11 @@
+ mp = (struct mtu_discovery *)&dp->icmp_void;
+ mtu = EXTRACT_16BITS(&mp->nexthopmtu);
+ if (mtu)
+- (void)sprintf(buf,
++ (void)snprintf(buf, sizeof(buf),
+ "%s unreachable - need to frag (mtu %d)",
+ ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
+ else
+- (void)sprintf(buf,
++ (void)snprintf(buf, sizeof(buf),
+ "%s unreachable - need to frag",
+ ipaddr_string(&dp->icmp_ip.ip_dst));
+ }
+@@ -247,7 +247,7 @@
+ default:
+ fmt = tok2str(unreach2str, "#%d %%s unreachable",
+ dp->icmp_code);
+- (void)sprintf(buf, fmt,
++ (void)snprintf(buf, sizeof(buf), fmt,
+ ipaddr_string(&dp->icmp_ip.ip_dst));
+ break;
+ }
+@@ -257,7 +257,7 @@
+ TCHECK(dp->icmp_ip.ip_dst);
+ fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
+ dp->icmp_code);
+- (void)sprintf(buf, fmt,
++ (void)snprintf(buf, sizeof(buf), fmt,
+ ipaddr_string(&dp->icmp_ip.ip_dst),
+ ipaddr_string(&dp->icmp_gwaddr));
+ break;
+@@ -277,30 +277,30 @@
+ cp = buf + strlen(buf);
+ lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
+ if (lifetime < 60)
+- (void)sprintf(cp, "%u", lifetime);
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
+ else if (lifetime < 60 * 60)
+- (void)sprintf(cp, "%u:%02u",
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
+ lifetime / 60, lifetime % 60);
+ else
+- (void)sprintf(cp, "%u:%02u:%02u",
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
+ lifetime / 3600,
+ (lifetime % 3600) / 60,
+ lifetime % 60);
+ cp = buf + strlen(buf);
+
+ num = ihp->ird_addrnum;
+- (void)sprintf(cp, " %d:", num);
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
+ cp = buf + strlen(buf);
+
+ size = ihp->ird_addrsiz;
+ if (size != 2) {
+- (void)sprintf(cp, " [size %d]", size);
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
+ break;
+ }
+ idp = (struct id_rdiscovery *)&dp->icmp_data;
+ while (num-- > 0) {
+ TCHECK(*idp);
+- (void)sprintf(cp, " {%s %u}",
++ (void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
+ ipaddr_string(&idp->ird_addr),
+ EXTRACT_32BITS(&idp->ird_pref));
+ cp = buf + strlen(buf);
+@@ -321,25 +321,25 @@
+ break;
+
+ default:
+- (void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
++ (void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
+ break;
+ }
+ break;
+
+ case ICMP_PARAMPROB:
+ if (dp->icmp_code)
+- (void)sprintf(buf, "parameter problem - code %d",
++ (void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
+ dp->icmp_code);
+ else {
+ TCHECK(dp->icmp_pptr);
+- (void)sprintf(buf, "parameter problem - octet %d",
++ (void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
+ dp->icmp_pptr);
+ }
+ break;
+
+ case ICMP_MASKREPLY:
+ TCHECK(dp->icmp_mask);
+- (void)sprintf(buf, "address mask is 0x%08x",
++ (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
+ (u_int32_t)ntohl(dp->icmp_mask));
+ break;
+
+Index: print-sunrpc.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
+retrieving revision 1.4
+diff -u -r1.4 print-sunrpc.c
+--- print-sunrpc.c 1998/09/15 19:46:59 1.4
++++ print-sunrpc.c 2000/10/30 10:28:59
+@@ -126,7 +126,9 @@
+ rp = getrpcbynumber(prog);
+ if (rp == NULL)
+ (void) sprintf(buf, "#%u", prog);
+- else
+- strcpy(buf, rp->r_name);
++ else {
++ strncpy(buf, rp->r_name, sizeof(buf)-1);
++ buf[sizeof(buf)-1] = '\0';
++ }
+ return (buf);
+ }
+Index: util.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/util.c,v
+retrieving revision 1.1.1.3
+diff -u -r1.1.1.3 util.c
+--- util.c 1998/09/15 19:36:31 1.1.1.3
++++ util.c 2000/10/30 10:29:01
+@@ -154,7 +154,7 @@
+ }
+ if (fmt == NULL)
+ fmt = "#%d";
+- (void)sprintf(buf, fmt, v);
++ (void)snprintf(buf, sizeof(buf), fmt, v);
+ return (buf);
+ }
+