--- server/misc.c.orig	Mon Jul  3 17:58:30 2000
+++ server/misc.c	Mon Jul  3 18:01:42 2000
@@ -650,17 +650,19 @@ int cxnum ;
     if (client->username && client->username[0]) {
       if (client->groupname && client->groupname[0]) {
-	sprintf(dichome, "%s/%s:%s/%s:%s",
+	if (snprintf(dichome, sizeof(dichome), "%s/%s:%s/%s:%s",
 		DDUSER, client->username,
 		DDGROUP, client->groupname,
-		DDPATH);
+		DDPATH) >= sizeof(dichome))
+		return -1;
       }
       else {
-	sprintf(dichome, "%s/%s:%s",
+	if (snprintf(dichome, sizeof(dichome), "%s/%s:%s",
 		DDUSER, client->username,
-		DDPATH);
+		DDPATH) >= sizeof(dichome))
+		return -1;
       }
     }
     else {
-      strcpy(dichome, DDPATH);
+      strlcpy(dichome, DDPATH, sizeof(dichome));
     }
 
