diff -ruN hfaxd/HylaFAXServer.c++.orig hfaxd/HylaFAXServer.c++
--- hfaxd/HylaFAXServer.c++.orig	Sun Jun 13 00:41:13 1999
+++ hfaxd/HylaFAXServer.c++	Mon Jun 12 21:52:40 2000
@@ -161,9 +161,9 @@
 {
     char fmt[128];
     if (module != NULL)
-	sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+	snprintf(fmt, sizeof(fmt), "%s: Warning, %s.", module, fmt0);
     else
-	sprintf(fmt, "Warning, %s.", fmt0);
+	snprintf(fmt, sizeof(fmt), "Warning, %s.", fmt0);
     vlogError(fmt, ap);
 }
 
@@ -172,9 +172,9 @@
 {
     char fmt[128];
     if (module != NULL)
-	sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+	snprintf(fmt, sizeof(fmt), "%s: Warning, %s.", module, fmt0);
     else
-	sprintf(fmt, "Warning, %s.", fmt0);
+	snprintf(fmt, sizeof(fmt), "Warning, %s.", fmt0);
     vlogWarning(fmt, ap);
 }
 
@@ -530,7 +530,7 @@
 	    filename, line);
 	seqnum = 1;
     }
-    sprintf(line, "%u", NEXTSEQNUM(seqnum+count));
+    snprintf(line, sizeof(line), "%u", NEXTSEQNUM(seqnum+count));
     lseek(fd, 0, SEEK_SET);
     if (Sys::write(fd, line, strlen(line)) != strlen(line) ||
 		ftruncate(fd,strlen(line))) {
diff -ruN hfaxd/Jobs.c++.orig hfaxd/Jobs.c++
--- hfaxd/Jobs.c++.orig	Sun Jun 13 00:41:14 1999
+++ hfaxd/Jobs.c++	Mon Jun 12 21:52:40 2000
@@ -1646,7 +1646,8 @@
 		fprintf(fd, fspec, (const char*) job.company);
 		break;
 	    case 'D':
-		sprintf(tmpbuf, "%2u:%-2u", job.totdials, job.maxdials);
+		snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.totdials, 
+			job.maxdials);
 		fprintf(fd, fspec, tmpbuf);
 		break;
 	    case 'E':
@@ -1683,7 +1684,8 @@
 		fprintf(fd, fspec, "N "[job.useccover]);
 		break;
 	    case 'P':
-		sprintf(tmpbuf, "%2u:%-2u", job.npages, job.totpages);
+		snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.npages,
+			job.totpages);
 		fprintf(fd, fspec, tmpbuf);
 		break;
 	    case 'Q':
@@ -1696,11 +1698,12 @@
 		fprintf(fd, fspec, (const char*) job.sender);
 		break;
 	    case 'T':
-		sprintf(tmpbuf, "%2u:%-2u", job.tottries, job.maxtries);
+		snprintf(tmpbuf, sizeof(tmpbuf), "%2u:%-2u", job.tottries,
+			job.maxtries);
 		fprintf(fd, fspec, tmpbuf);
 		break;
 	    case 'U':
-		sprintf(tmpbuf, "%.1f", job.chopthreshold);
+		snprintf(tmpbuf, sizeof(tmpbuf), "%.1f", job.chopthreshold);
 		fprintf(fd, fspec, tmpbuf);
 		break;
 	    case 'V':
diff -ruN hfaxd/OldProtocol.c++.orig hfaxd/OldProtocol.c++
--- hfaxd/OldProtocol.c++.orig	Sun Jun 13 00:41:15 1999
+++ hfaxd/OldProtocol.c++	Mon Jun 12 21:52:40 2000
@@ -352,8 +352,8 @@
 OldProtocolServer::vsendClient(const char* tag, const char* fmt, va_list ap)
 {
     char buf[2048];
-    sprintf(buf, "%s:", tag);
-    vsprintf(strchr(buf,'\0'), fmt, ap);
+    snprintf(buf, sizeof(buf), "%s:", tag);
+    vsnprintf(strchr(buf,'\0'), sizeof(buf) - (strchr(buf,'\0') - buf), fmt, ap);
     fprintf(stdout, "%s\n", buf);
     if (TRACE(PROTOCOL))
 	logDebug("%s", buf);
@@ -472,19 +472,19 @@
     buf[0] = '\0';
     if (pwd->pw_gecos) {
 	if (pwd->pw_gecos[0] == '&') {
-	    strcpy(buf, pwd->pw_name);
-	    strcat(buf, pwd->pw_gecos+1);
+	    strlcpy(buf, pwd->pw_name, sizeof(buf));
+	    strlcat(buf, pwd->pw_gecos+1, sizeof(buf));
 	    if (islower(buf[0]))
 		buf[0] = toupper(buf[0]);
 	} else
-	    strcpy(buf, pwd->pw_gecos);
+	    strlcpy(buf, pwd->pw_gecos, sizeof(buf));
 	if ((cp = strchr(buf,',')) != 0)
 	    *cp = '\0';
 	/* see FaxClient::setupUserIdentity; strip SysV junk */
 	if ((cp = strchr(buf,'(')) != 0)
 	    *cp = '\0';
     } else
-	strcpy(buf, pwd->pw_name);
+	strlcpy(buf, pwd->pw_name, sizeof(buf));
     if (TRACE(PROTOCOL)) {
 	if (*buf)
 	     logDebug("%s user: \"%s\"", pwd->pw_name, buf);
diff -ruN hfaxd/Status.c++.orig hfaxd/Status.c++
--- hfaxd/Status.c++.orig	Sun Jun 13 00:41:16 1999
+++ hfaxd/Status.c++	Mon Jun 12 21:52:40 2000
@@ -260,16 +260,16 @@
 		break;
 	    case 'r':
 		if (config.maxRecvPages == (u_int) -1)
-		    strcpy(tmpbuf, "INF");
+		    strlcpy(tmpbuf, "INF", sizeof(tmpbuf));
 		else
-		    sprintf(tmpbuf, "%u", config.maxRecvPages);
+		    snprintf(tmpbuf, sizeof(tmpbuf), "%u", config.maxRecvPages);
 		fprintf(fd, fspec, config.maxRecvPages);
 		break;
 	    case 's':
 		fprintf(fd, fspec, (const char*) config.status);
 		break;
 	    case 't':
-		sprintf(tmpbuf, "%05x:%05x",
+		snprintf(tmpbuf, sizeof(tmpbuf), "%05x:%05x",
 		    config.tracingLevel&0xfffff,
 		    config.logTracingLevel&0xfffff);
 		fprintf(fd, fspec, tmpbuf);
