--- xloadimage.4.1/config.c.foo	Thu Jun 28 00:08:20 2001
+++ xloadimage.4.1/config.c	Thu Jun 28 00:10:30 2001
@@ -256,7 +256,7 @@
       }
       break;
     case parse_filter_name: /* name of filter program */
-      strcpy(filter_name, buf);
+      strncpy(filter_name, buf, BUFSIZ - 1);
       state= parse_filter_extension;
       break;
     case parse_filter_extension:
@@ -454,7 +454,7 @@
 #endif
     else if(*p == '~') {
       buf1[b1] = '\0';
-      strcat(buf1, getenv("HOME"));
+      strncat(buf1, getenv("HOME"), BUFSIZ - 1);
       b1 = strlen(buf1);
       var = 0;
     }
@@ -462,7 +462,7 @@
       if(var) {
 	buf1[b1] = '\0';
 	buf2[b2] = '\0';
-	strcat(buf1, getenv(buf2));
+	strncat(buf1, getenv(buf2), BUFSIZ - strlen(buf1) - 1);
 	b1 = strlen(buf1);
 	buf2[0] = '\0';
 	b2 = 0;
--- xloadimage.4.1/imagetypes.c.foo	Thu Jun 28 00:10:49 2001
+++ xloadimage.4.1/imagetypes.c	Thu Jun 28 00:11:27 2001
@@ -145,7 +145,7 @@
     optptr++; /* skip comma */
   }
   else
-    strcpy(typename, type);
+    strncpy(typename, type, 31);
 
   for (a= 0; ImageTypes[a].loader; a++)
     if (!strncmp(ImageTypes[a].type, typename, strlen(typename))) {
--- xloadimage.4.1/faces.c.foo	Thu Jun 28 00:11:35 2001
+++ xloadimage.4.1/faces.c	Thu Jun 28 00:18:30 2001
@@ -136,7 +136,7 @@
 
   image= newRGBImage(w, h, d);
   fname[strlen(fname) - 1]= ' ';
-  strcat(fname, lname);
+  strncat(fname, lname, BUFSIZ - strlen(fname) -1);
   fname[strlen(fname) - 1]= '\0';
   image->title= dupString(fname);
 

.