--- /dev/null
+--- libxml-1.8.17.orig/nanoftp.c
++++ libxml-1.8.17/nanoftp.c
+@@ -65,6 +65,8 @@
+ #define FTP_GET_PASSWD 331
+ #define FTP_BUF_SIZE 512
+
++#define XML_NANO_MAX_URLBUF 4096
++
+ typedef struct xmlNanoFTPCtxt {
+ char *protocol; /* the protocol name */
+ char *hostname; /* the host name */
+@@ -203,7 +205,7 @@
+ xmlNanoFTPScanURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -221,7 +223,7 @@
+ }
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -263,7 +265,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -288,7 +290,7 @@
+ xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
+ xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -301,7 +303,7 @@
+ if (ctxt->hostname == NULL)
+ return(-1);
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ if (strcmp(ctxt->protocol, buf))
+@@ -353,7 +355,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -374,7 +376,7 @@
+ void
+ xmlNanoFTPScanProxy(const char *URL) {
+ const char *cur = URL;
+- char buf[4096];
++ char buf[XML_NANO_MAX_URLBUF];
+ int index = 0;
+ int port = 0;
+
+@@ -393,7 +395,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ index = 0;
+--- libxml-1.8.17.orig/nanohttp.c
++++ libxml-1.8.17/nanohttp.c
+@@ -161,6 +161,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int index = 0;
++ const int indexMax = 4096 - 1;
+ int port = 0;
+
+ if (ctxt->protocol != NULL) {
+@@ -177,7 +178,7 @@
+ }
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < indexMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ ctxt->protocol = xmlMemStrdup(buf);
+@@ -219,7 +220,7 @@
+ else {
+ index = 0;
+ buf[index] = 0;
+- while (*cur != 0)
++ while ((*cur != 0) && (index < indexMax))
+ buf[index++] = *cur++;
+ buf[index] = 0;
+ ctxt->path = xmlMemStrdup(buf);
+@@ -241,6 +242,7 @@
+ const char *cur = URL;
+ char buf[4096];
+ int index = 0;
++ const int indexMax = 4096 - 1;
+ int port = 0;
+
+ if (proxy != NULL) {
+@@ -258,7 +260,7 @@
+ #endif
+ if (URL == NULL) return;
+ buf[index] = 0;
+- while (*cur != 0) {
++ while ((*cur != 0) && (index < indexMax)) {
+ if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
+ buf[index] = 0;
+ index = 0;