--- cgi/cgi.c.orig	Fri Dec  2 10:34:04 2005
+++ cgi/cgi.c	Mon May  8 16:54:19 2006
@@ -646,7 +646,7 @@ static void _launch_debugger (CGI *cgi, 
 
   if (!pid)
   {
-    sprintf(buffer, debugger, display, Argv0, myPid);
+    snprintf(buffer, sizeof(buffer), debugger, display, Argv0, myPid);
     execl("/bin/sh", "sh", "-c", buffer, NULL);
   }
   else
@@ -1341,11 +1341,11 @@ NEOERR *cgi_output (CGI *cgi, STRING *st
 	  {
 	    if (use_gzip)
 	    {
-	      /* I'm using sprintf instead of cgiwrap_writef since
+	      /* I'm using snprintf instead of cgiwrap_writef since
 	       * the wrapper writef might not handle values with
 	       * embedded NULLs... though I should fix the python one
 	       * now as well */
-	      sprintf(gz_buf, "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1],
+	      snprintf(gz_buf, sizeof(gz_buf), "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1],
 		  Z_DEFLATED, 0 /*flags*/, 0,0,0,0 /*time*/, 0 /*xflags*/,
 		  OS_CODE);
 	      err = cgiwrap_write(gz_buf, 10);
@@ -1357,7 +1357,7 @@ NEOERR *cgi_output (CGI *cgi, STRING *st
 	    if (use_gzip)
 	    {
 	      /* write crc and len in network order */
-	      sprintf(gz_buf, "%c%c%c%c%c%c%c%c",
+	      snprintf(gz_buf, sizeof(gz_buf), "%c%c%c%c%c%c%c%c",
 		  (0xff & (crc >> 0)),
 		  (0xff & (crc >> 8)),
 		  (0xff & (crc >> 16)),