$OpenBSD: patch-util_neo_hdf_c,v 1.5 2016/04/28 15:34:14 sthen Exp $
--- util/neo_hdf.c.orig	Sat Aug 12 00:47:01 2006
+++ util/neo_hdf.c	Thu Apr 28 16:33:48 2016
@@ -772,13 +772,14 @@ skip_search:
     }
     else if (hp->link) 
     {
-      char *new_name = (char *) malloc(strlen(hp->value) + strlen(s) + 1);
+      size_t nn_siz = strlen(hp->value) + strlen(s) + 1;
+      char *new_name = (char *) malloc(nn_siz);
       if (new_name == NULL)
       {
         return nerr_raise(NERR_NOMEM, "Unable to allocate memory");
       }
-      strcpy(new_name, hp->value);
-      strcat(new_name, s);
+      strlcpy(new_name, hp->value, nn_siz);
+      strlcat(new_name, s, nn_siz);
       err = _set_value (hdf, new_name, value, dup, wf, link, attr, set_node);
       free(new_name);
       return nerr_pass(err);
@@ -1211,8 +1212,9 @@ static NEOERR* hdf_dump_cb(HDF *hdf, const char *prefi
     {
       if (prefix && (dtype == DUMP_TYPE_DOTTED))
       {
-	p = (char *) malloc (strlen(hdf->name) + strlen(prefix) + 2);
-	sprintf (p, "%s.%s", prefix, hdf->name);
+	size_t need = strlen(hdf->name) + strlen(prefix) + 2;
+	p = (char *) malloc (need);
+	snprintf (p, need, "%s.%s", prefix, hdf->name);
 	err = hdf_dump_cb (hdf, p, dtype, lvl+1, rock, dump_cbf);
 	free(p);
       }
