$OpenBSD: patch-util_neo_str_c,v 1.5 2016/04/28 15:34:14 sthen Exp $
--- util/neo_str.c.orig	Mon Aug  7 21:01:53 2006
+++ util/neo_str.c	Thu Apr 28 16:33:48 2016
@@ -122,7 +122,7 @@ NEOERR *string_append (STRING *str, const char *buf)
   l = strlen(buf);
   err = string_check_length (str, l);
   if (err != STATUS_OK) return nerr_pass (err);
-  strcpy(str->buf + str->len, buf);
+  strlcpy(str->buf + str->len, buf, str->max - str->len);
   str->len += l;
 
   return STATUS_OK;
@@ -174,7 +174,7 @@ NEOERR *string_appendvf (STRING *str, const char *fmt,
   err = string_check_length (str, bl+1);
   if (err != STATUS_OK) return nerr_pass (err);
   va_copy(tmp, ap);
-  vsprintf (str->buf + str->len, fmt, tmp);
+  vsnprintf (str->buf + str->len, str->max - str->len, fmt, tmp);
   str->len += bl;
   str->buf[str->len] = '\0';
 
@@ -581,7 +581,7 @@ char *repr_string_alloc (const char *s)
 	  rs[i++] = '\\';
 	  break;
 	default:
-	  sprintf(&(rs[i]), "%03o", (s[x] & 0377));
+	  snprintf(&(rs[i]), nl+3-i,  "%03o", (s[x] & 0377));
 	  i += 3;
 	  break;
       }
