--- metamail/metamail.c
+++ metamail/metamail.c 2006-02-23 18:56:04.000000000 +0100
@@ -445,7 +445,7 @@
 }
 LineBuf = malloc(LINE_BUF_SIZE);
 if (!LineBuf) ExitWithError(nomem);
- sprintf(LineBuf, "--%s", boundary);
+ snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary);
 strcpy(boundary, LineBuf);
 boundarylen = strlen(boundary);
 if (BoundaryCt >= BoundaryAlloc) {
@@ -1202,9 +1202,9 @@
 fprintf(outfp, "Content-type: %s", ContentType); for (j=0; j= BoundaryAlloc) {
--- metamail/splitmail.c
+++ metamail/splitmail.c 2006-02-23 18:55:01.000000000 +0100
@@ -194,7 +194,7 @@
 s = endofheader(from); /* would be index(from, '\n'), but need to check for continuation lines */
 *s = '\0';
- if (ShareThisHeader(from, SubjectBuf, &OrigID)) {
+ if (ShareThisHeader(from, SubjectBuf, sizeof(SubjectBuf), &OrigID)) {
 strcat(SharedHeaders, from);
 strcat(SharedHeaders, "\n");
 }
@@ -339,9 +339,10 @@
 NULL };
-ShareThisHeader(s, SubjectBuf, OrigID)
+ShareThisHeader(s, SubjectBuf, SubjectBufLen, OrigID)
 char *s;
 char *SubjectBuf;
+size_t SubjectBufLen;
 char **OrigID;
 {
 int i;
@@ -361,7 +362,8 @@
 }
 if (!ULstrcmp(s, "subject")) {
 *colon = ':';
- strcpy(SubjectBuf, ++colon);
+ strncpy(SubjectBuf, ++colon, SubjectBufLen);
+ SubjectBuf[SubjectBufLen - 1] = '\0';
 return(0);
 }
 if (!ULstrcmp(s, "content-type")) {
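Review bot: In metamail.c, hunk `@@ -445`, the bounded `snprintf` is followed by `strcpy(boundary, LineBuf);`, which copies a string two bytes longer than the original back into `boundary`. The overflow risk therefore moves to that line unless `boundary` has room, and its size is not visible in the hunk. The `snprintf` result is also unchecked, so an over-long boundary is silently truncated and would no longer match the delimiter lines in the message. I would treat a return value `>= LINE_BUF_SIZE` as an error and bound the copy back to the real capacity of `boundary`. The enclosing function starts and ends outside the hunk.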
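Review bot: In splitmail.c, hunk `@@ -194`, the two `strcat(SharedHeaders, ...)` calls after the changed line still append a message header with no length check. The patch bounds the subject copy but leaves this path unbounded, and the size of `SharedHeaders` is declared outside the hunk. Separately, `sizeof(SubjectBuf)` is only correct if `SubjectBuf` is an array in this scope; if it is a `char *` here, it yields the pointer size. A comment such as `/* SubjectBuf must be an array here: sizeof gives its capacity */` would pin that assumption. The enclosing function is outside the hunk.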
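Review bot: In splitmail.c, hunk `@@ -339`, `ShareThisHeader` stays an old-style definition with no prototype, so a caller that still passes three arguments compiles without a diagnostic and the length would be taken from a mismatched argument. Declaring `int ShareThisHeader(char *s, char *SubjectBuf, size_t SubjectBufLen, char **OrigID);` before the first use lets the compiler flag any missed call site. Only one caller is visible in this patch, so whether others exist cannot be confirmed from here.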
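Review bot: In splitmail.c, hunk `@@ -361`, `SubjectBuf[SubjectBufLen - 1] = '\0';` writes out of bounds when `SubjectBufLen` is 0, because the `size_t` subtraction wraps. `strncpy` also zero-pads the whole buffer and truncates a long subject without any signal to the caller. `snprintf(SubjectBuf, SubjectBufLen, "%s", ++colon);` can replace both added lines: it always terminates the string and writes nothing for a zero length. The function body continues outside the hunk.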