--- src/metamail/metamail.c.old 1994-02-17 02:57:19.000000000 +0100 +++ src/metamail/metamail.c 2004-02-07 17:33:13.000000000 +0100 @@ -1202,9 +1202,9 @@ fprintf(outfp, "Content-type: %s", ContentType); for (j=0; j<CParamsUsed; ++j) { fprintf(outfp, " ; "); - fprintf(outfp, CParams[j]); + fprintf(outfp, "%s", CParams[j]); fprintf(outfp, " = "); - fprintf(outfp, CParamValues[j]); + fprintf(outfp, "%s", CParamValues[j]); } fprintf(outfp, "\n\n"); TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType); @@ -2022,7 +2022,8 @@ if (lc2strcmp(charset, PrevCharset)) { char *s2, *charsetinuse; - strcpy(PrevCharset, charset); + strncpy(PrevCharset, charset, sizeof(PrevCharset)); + PrevCharset[sizeof(PrevCharset) - 1] = '\0'; for (s2=PrevCharset; *s2; ++s2) { if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2); } @@ -2032,7 +2033,7 @@ } } if (ecode == ENCODING_NONE) { - printf(txt+1); + printf("%s", txt+1); } else { /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */ MkTmpFileName(TmpFile); --- src/metamail/splitmail.c.old 1994-01-31 23:23:14.000000000 +0100 +++ src/metamail/splitmail.c 2004-02-07 17:35:26.000000000 +0100 @@ -361,7 +361,8 @@ } if (!ULstrcmp(s, "subject")) { *colon = ':'; - strcpy(SubjectBuf, ++colon); + strncpy(SubjectBuf, ++colon, sizeof(SubjectBuf)); + SubjectBuf[sizeof(SubjectBuf) - 1] = '\0'; return(0); } if (!ULstrcmp(s, "content-type")) {