--- efax.c.orig	Sat Mar 27 15:24:10 1999
+++ efax.c	Wed Jan 30 15:38:17 2008
@@ -606,7 +606,7 @@ int send_data ( TFILE *mf, IFILE *f, int page, int pag
   if ( ckfmt ( header, 6 ) )
     msg ( "W too many %%d escapes in header format string \"%s\"", header ) ;
   else
-    sprintf ( headerbuf, header, page, pages, page, pages, page, pages ) ;
+    snprintf ( headerbuf, sizeof headerbuf, header, page, pages, page, pages, page, pages ) ;
   msg ("I header:[%s]", headerbuf ) ;
       
   done = err = ttymode ( mf, SEND ) ; 
@@ -1658,7 +1658,8 @@ int c2sndrcv (
     err = rdpage ( inf, dp, &ppm, local, &changed ) ;
 
     if ( ! err && changed ) {
-      sprintf ( buf, c20 ? "+FIS=%d,%d,%d,%d" : "+FDIS=%d,%d,%d,%d", 
+      snprintf ( buf, sizeof buf,
+      	       c20 ? "+FIS=%d,%d,%d,%d" : "+FDIS=%d,%d,%d,%d", 
 	       local[0], local[1], local[2], local[3] ) ;
       ckcmd ( mf, 0, buf, TO_FT, OK ) ;
       if ( gethsc ( &hsc, &err ) ) {
@@ -1816,7 +1817,7 @@ int dial ( TFILE *f, char *s, int nowait )
   int err=0, hsc=-1 ;
   char c, dsbuf [ 128 ], *p ;
 
-  sprintf ( dsbuf, nowait ? "D%.126s;" : "D%.127s" , s ) ;
+  snprintf ( dsbuf, sizeof dsbuf, nowait ? "D%.126s;" : "D%.127s" , s ) ;
   msg ( "Idialing %s", dsbuf+1 ) ;
 
   c = cmd ( f, dsbuf, TO_A ) ;
@@ -1944,7 +1945,7 @@ int answer ( TFILE *f, char **lkfile, 
 	if ( ckfmt ( getty, 6 ) ) {
 	  err = msg ( "E3 too many %%d escapes in command (%s)", getty ) ;
 	} else {
-	  sprintf ( buf, getty, crate, crate, crate, crate, crate, crate ) ;
+	  snprintf ( buf, sizeof buf, getty, crate, crate, crate, crate, crate, crate ) ;
 	  msg ( "Iexec'ing /bin/sh -c \"%s\"" , buf ) ;
 	  execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ; 
 	  err = msg ( "ES2exec failed:" ) ;
@@ -1963,7 +1964,7 @@ int answer ( TFILE *f, char **lkfile, 
 	char buf [ MAXGETTY ] ;
 	if ( ckfmt ( vcmd, 6 ) ) {
 	} else {
-	  sprintf ( buf, vcmd, f->fd, f->fd, f->fd, f->fd, f->fd, f->fd ) ;
+	  snprintf ( buf, sizeof buf, vcmd, f->fd, f->fd, f->fd, f->fd, f->fd, f->fd ) ;
 	  msg ( "Iexec'ing /bin/sh -c \"%s\"" , buf ) ;
 	  execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ; 
 	  err = msg ( "ES2exec failed:" ) ;
@@ -2090,13 +2091,13 @@ int modem_init ( TFILE *mf, cap c, char *id, 
     }
 
     if ( capsset ) {
-      sprintf ( buf, c20 ? "+FCC=%d,%d,%d,%d,%d,%d,%d,%d" : 
+      snprintf ( buf, sizeof buf, c20 ? "+FCC=%d,%d,%d,%d,%d,%d,%d,%d" : 
 		"+FDCC=%d,%d,%d,%d,%d,%d,%d,%d", 
 		c[0], c[1], c[2], c[3], c[4], c[5], c[6], c[7] ) ;
       ckcmd ( mf, 0, buf, -t, OK ) ;
     }
     
-    sprintf ( buf, c20 ? "+FLI=\"%.*s\"" : "+FLID=\"%.*s\"" , 
+    snprintf ( buf, sizeof buf, c20 ? "+FLI=\"%.*s\"" : "+FLID=\"%.*s\"" , 
 	     CMDBUFSIZE-9, id ) ;
     ckcmd ( mf, 0, buf, -t, OK ) ;
 
@@ -2104,7 +2105,7 @@ int modem_init ( TFILE *mf, cap c, char *id, 
 
       ckcmd ( mf, 0, c20 ? "+FSP=1" : "+FSPL=1", -t, OK ) ;
 
-      sprintf ( buf, c20 ? "+FPI=\"%.*s\"" : "+FCIG=\"%.*s\"" , 
+      snprintf(buf, sizeof buf, c20 ? "+FPI=\"%.*s\"" : "+FCIG=\"%.*s\"" , 
 	       CMDBUFSIZE-9, id ) ;
       ckcmd ( mf, 0, buf, -t, OK ) ;
 
@@ -2209,7 +2210,7 @@ int main( int argc, char **argv)
 	msg("Wlocal ID (%s) truncated to %d characters", nxtoptarg, IDLEN ) ;
       if ( strspn ( nxtoptarg, " +0123456789" ) != strlen ( nxtoptarg ) )
 	msg("Wlocal ID (%s) has non-standard characters", nxtoptarg ) ;
-      sprintf ( localid, "%*.*s", IDLEN, IDLEN, nxtoptarg ) ;
+      snprintf ( localid, sizeof localid, "%*.*s", IDLEN, IDLEN, nxtoptarg ) ;
       break ;
     case 'i': 
       if ( nicmd[0] < MAXICMD ) icmd[0][ nicmd[0]++ ] = nxtoptarg ;
@@ -2307,7 +2308,7 @@ int main( int argc, char **argv)
     char tmp [ MAXLINELEN ] ;
     now = time ( 0 ) ;
     strftime ( tmp, MAXLINELEN, "%c %%s   P. %%%%d", localtime ( &now ) ) ;
-    sprintf ( header = headerbuf, tmp, localid ) ;
+    snprintf ( header = headerbuf, sizeof headerbuf, tmp, localid ) ;
   }
 
   if ( ! err ) {