--- ckcfns.c +++ ckcfns.c @@ -5557,7 +5557,7 @@ fromgetpath = 0; if (server && !isabsolute(filnam) && (ngetpath > i)) { ckstrncpy(fullname,getpath[i],CKMAXPATH+1); - strncat(fullname,filnam,CKMAXPATH); + strncat(fullname,filnam,CKMAXPATH-strlen(fullname)-1); debug(F111,"gnfile getpath",fullname,i); fromgetpath = 1; i++; --- ckcftp.c +++ ckcftp.c @@ -1899,8 +1899,8 @@ if (t2 > -1L) { ftplogprev = t2; p = hhmmss(t2); - strncat(ftplogbuf,"E=",CXLOGBUFL); /* Append to log record */ - strncat(ftplogbuf,p,CXLOGBUFL); + strncat(ftplogbuf,"E=",CXLOGBUFL-strlen(ftplogbuf)-1); /* Append to log record */ + strncat(ftplogbuf,p,CXLOGBUFL-strlen(ftplogbuf)-1); } else ftplogprev = 0L; debug(F101,"ftp cx log dialog","",dialog); --- ckuus3.c +++ ckuus3.c @@ -4653,8 +4653,8 @@ cx_prev = t2; p = hhmmss(t2); debug(F110,"dologend hhmmss",p,0); - strncat(cxlogbuf,"E=",CXLOGBUFL); /* Append to log record */ - strncat(cxlogbuf,p,CXLOGBUFL); + strncat(cxlogbuf,"E=",CXLOGBUFL-strlen(cxlogbuf)-1); /* Append to log record */ + strncat(cxlogbuf,p,CXLOGBUFL-strlen(cxlogbuf)-1); debug(F110,"dologend cxlogbuf 2",cxlogbuf,0); } else cx_prev = 0L; --- ckuus4.c +++ ckuus4.c @@ -8147,8 +8147,8 @@ char *p = bp[0]; /* Reuse this space */ *p = NUL; /* Make into dodo() arg list */ for (i = 1; i < argn; i++) { - strncat(p,bp[i],MAXARGLEN); - strncat(p," ",MAXARGLEN); + strncat(p,bp[i],MAXARGLEN-strlen(p)-1); + strncat(p," ",MAXARGLEN-strlen(p)-1); } s = bp[0]; /* Point to new list */ } --- ckuus7.c +++ ckuus7.c @@ -10449,8 +10449,8 @@ if ((x = cmtxt("Rest of command","",&s,xxstring)) < 0) return(x); if (*s) { - strncat(line," ",LINBUFSIZ); - strncat(line,s,LINBUFSIZ); + strncat(line," ",LINBUFSIZ-strlen(line)-1); + strncat(line,s,LINBUFSIZ-strlen(line)-1); } s = line; }