$OpenBSD$
--- filemenu.c.orig	Mon Feb 14 19:55:28 2011
+++ filemenu.c	Mon Feb 14 20:00:51 2011
@@ -86,19 +86,19 @@ static void changeDir (char *dir)
     
     if (!strcmp (dir, "../")) {
 	 for(i=0, j=0; cwd[i]; i++) if (cwd[i] == '/') j++;
-	 if( j == 1 ) strcpy (str, "/");
+	 if( j == 1 ) strlcpy (str, "/", 512);
 	 else {
 	   char *c;
 	   c = rindex (cwd, '/');
 	   *c = '\0';
-	   strcpy (str, cwd);
+	   strlcpy (str, cwd, 512);
 	 }
     } else {
 	if (!strcmp (cwd, "/")) cwd[0] = '\0';
-	sprintf (str, "%s/%s", cwd, dir);
+	snprintf (str, 512, "%s/%s", cwd, dir);
 	str[strlen (str) - 1]='\0';
     }
-    strcpy(cwd, str);
+    strlcpy(cwd, str, MAXPATHLEN);
 }
 
 
@@ -116,13 +116,13 @@ static int InList (const struct dirent *directory_entr
     if (entry->d_name[0] == '.' && entry->d_name[1] != '.')
 	return False;				/* ignore hidden files */
     if (strcmp (cwd, "")) 			/* give full path name */
-    	sprintf (pathname, "%s/%s", cwd, entry->d_name);
+    	snprintf (pathname, 512, "%s/%s", cwd, entry->d_name);
     else
-    	strcpy (pathname, entry->d_name);
+    	strlcpy (pathname, entry->d_name, 512);
     if (stat (pathname, &statbuf) == -1) return False;
 
     if (statbuf.st_mode & S_IFDIR) {		/* is directory */
-	strcat(entry->d_name, "/");
+	strlcat(entry->d_name, "/", MAXNAMLEN + 1);
 	++(entry->d_reclen);
 	return True;
     }
@@ -191,7 +191,7 @@ static void DisplayMenuFile (Widget w, Widget popupshe
 	File ();			/* pop it up */
     } else {
 	char *v[2], *flag = "m";
-	sprintf(path_and_filename,"%s/%s", cwd, filename);
+	snprintf(path_and_filename, MAXPATHLEN, "%s/%s", cwd, filename);
 	v[0] = flag;
 	v[1] = path_and_filename;
 	load (0L, 0L, v, 0);
@@ -221,7 +221,7 @@ static void CreateFilePopup(char *dir) 
     popup_pane = XtCreateManagedWidget ("popup_pane", panedWidgetClass, popupshell, NULL, 0);
 
     ScanDir (dir);
-    strcpy  (file_listDir, dir);
+    strlcpy  (file_listDir, dir, MAXPATHLEN);
 
     path_label = XtCreateManagedWidget (dir, labelWidgetClass, popup_pane, NULL, 0);
 
