diff -ur gaim-0.75/src/proxy.c gaim-0.76-preSecurity.plasmaroo/src/proxy.c
--- gaim-0.75/src/proxy.c 2004-01-10 04:04:56.000000000 +0000
+++ gaim-0.76-preSecurity.plasmaroo/src/proxy.c 2004-01-26 19:05:59.000000000 +0000
@@ -974,7 +974,7 @@
 gaim_input_remove(phb->inpa);
- while ((nlc != 2) && (read(source, &inputline[pos++], 1) == 1)) {
+ while ((pos < sizeof(inputline)-1) && (nlc != 2) && (read(source, &inputline[pos++], 1) == 1)) {
 if (inputline[pos - 1] == '\n') nlc++;
 else if (inputline[pos - 1] != '\r')
diff -ur gaim-0.75/src/util.c gaim-0.76-preSecurity.plasmaroo/src/util.c
--- gaim-0.75/src/util.c 2004-01-10 04:04:56.000000000 +0000
+++ gaim-0.76-preSecurity.plasmaroo/src/util.c 2004-01-26 19:05:59.000000000 +0000
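Review bot: In the proxy.c hunk, the new `pos < sizeof(inputline)-1` bound stops the byte-wise read once the buffer is full, but nothing visible distinguishes that exit from a complete header. The loop can now end with `nlc != 2` and a truncated reply sitting in `inputline`. The code that terminates and parses the buffer is outside the hunk, so this is inferred. A check directly after the loop, such as `if (nlc != 2) { /* header incomplete or longer than inputline: fail the connection */ }`, would keep an oversized proxy response from being parsed as if it were whole. A one-line comment explaining the `-1` (presumably room for a terminating NUL written after the loop) would also help the next reader.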
@@ -247,24 +247,71 @@
 /**************************************************************************
 * Quoted Printable Functions
 **************************************************************************/
-void
-gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len)
+static void hex(const char **p, const char *end, unsigned char *n)
 {
- char *p, *n, *new;
+ int i, c;
- n = new = g_malloc(strlen (str) + 1);
+ for (i = 0, c = 0; i < 2 && *p < end; ++i, ++*p) {
+ c <<= 4;
+ switch (**p) {
+ case '0': break;
+ case '1': c += 1; break;
+ case '2': c += 2; break;
+ case '3': c += 3; break;
+ case '4': c += 4; break;
+ case '5': c += 5; break;
+ case '6': c += 6; break;
+ case '7': c += 7; break;
+ case '8': c += 8; break;
+ case '9': c += 9; break;
+ case 'a': c += 10; break;
+ case 'b': c += 11; break;
+ case 'c': c += 12; break;
+ case 'd': c += 13; break;
+ case 'e': c += 14; break;
+ case 'f': c += 15; break;
+ case 'A': c += 10; break;
+ case 'B': c += 11; break;
+ case 'C': c += 12; break;
+ case 'D': c += 13; break;
+ case 'E': c += 14; break;
+ case 'F': c += 15; break;
+ default:
+ if (i == 0) {
+ *n = **p;
+ ++*p;
+ return;
+ }
+ c >>= 4;
+ goto done;
+ }
+ }
+done:
+ *n = (c > UCHAR_MAX) ? '?' : c;
+ return;
+}
- for (p = (char *)str; *p; p++, n++) {
+void
+gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len)
+{
+ const char *p, *end;
+ unsigned char *n, *new;
+ size_t len;
+
+ len = strlen (str);
+ n = new = g_malloc(len + 1);
+ p = str;
+ end = &p[len];
+ while (p < end) {
 if (*p == '=') {
- sscanf(p + 1, "%2x\n", (int *)n);
- p += 2;
- }
- else if (*p == '_')
+ ++p;
+ hex(&p, end, n);
+ } else if (*p == '_')
 *n = ' ';
 else *n = *p;
+ ++n;
 }
-
 *n = '\0';
 if (ret_len)
@@ -1962,7 +2009,7 @@
 char **ret_path) {
 char scan_info[255];
- char port_str[5];
+ char port_str[6];
 int f;
 const char *turl;
 char host[256], path[256];
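Review bot: In the rewritten loop of `gaim_quotedp_decode` (the `@@ -247` hunk), `p` is advanced only in the `=` branch. The old `for` header's `p++, n++` was dropped and only `++n` was added back, so as the hunk reads, the `_` and plain-character branches never move `p`, `while (p < end)` never ends, and `n` keeps writing past the `len + 1` bytes from `g_malloc`. Advancing `p` on the non-`=` path restores termination and keeps the output inside the allocation, because every output byte then consumes at least one input byte. Separately, `hex` has no comment stating its contract (it consumes up to two hex digits, and on a non-hex first character copies that character through), and its `c > UCHAR_MAX` test cannot fire for two hex digits. The statements after `if (ret_len)` are outside the hunk.

```c
	while (p < end) {
		if (*p == '=') {
			/* … unchanged: ++p; hex(&p, end, n); … */
		} else {
			/* every non-'=' input byte yields one output byte and must be consumed */
			*n = (*p == '_') ? ' ' : *p;
			++p;
		}
		++n;
	}
```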
@@ -1982,16 +2029,21 @@
 }
 g_snprintf(scan_info, sizeof(scan_info),
- "%%[%s]:%%[%s]/%%[%s]", addr_ctrl, port_ctrl, page_ctrl);
+ "%%255[%s]:%%5[%s]/%%255[%s]", addr_ctrl, port_ctrl, page_ctrl);
+ addr_ctrl[sizeof(addr_ctrl)-1] = '\0';
+ port_ctrl[sizeof(port_ctrl)-1] = '\0';
+ page_ctrl[sizeof(page_ctrl)-1] = '\0';
 f = sscanf(url, scan_info, host, port_str, path);
 if (f == 1) {
 g_snprintf(scan_info, sizeof(scan_info),
- "%%[%s]/%%[%s]",
+ "%%255[%s]/%%255[%s]",
 addr_ctrl, page_ctrl);
 f = sscanf(url, scan_info, host, path);
+ addr_ctrl[sizeof(addr_ctrl)-1] = '\0';
+ page_ctrl[sizeof(page_ctrl)-1] = '\0';
 g_snprintf(port_str, sizeof(port_str), "80");
 }
@@ -2081,9 +2133,14 @@
 static size_t parse_content_len(const char *data, size_t data_len) {
- size_t content_len = 0;
+ int content_len = 0;
+ char *tmp;
- sscanf(data, "Content-Length: %d", (int *)&content_len);
+ tmp = g_malloc(data_len + 1);
+ memcpy(tmp, data, data_len);
+ tmp[data_len] = '\0';
+ sscanf(tmp, "Content-Length: %d", &content_len);
+ g_free(tmp);
 return content_len;
 }
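Review bot: In the `@@ -1982` hunk of util.c, the added `addr_ctrl[sizeof(addr_ctrl)-1] = '\0';`-style assignments run after `g_snprintf` has already consumed the control strings, and in the `f == 1` branch after both `g_snprintf` and `sscanf`, so they cannot protect the calls they follow. The declarations are outside the hunk, but if these are arrays initialised from string literals the last byte is already NUL and the writes do nothing. I would drop them, or move a justified check ahead of the first use. The field widths are the effective fix, and they are tied by hand to `host[256]`, `path[256]` and the `port_str[6]` enlarged in the previous hunk. A comment above the format string such as `/* widths must stay one less than sizeof(host), sizeof(port_str), sizeof(path) */` would keep a later resize from reopening the overflow.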
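Review bot: `parse_content_len` (the `@@ -2081` hunk) now scans the header into a signed `int` and returns it as `size_t`, so a negative `Content-Length` supplied by the server converts to a very large length at `return content_len;`. The `sscanf` result is also unchecked, and `%d` has no defined behaviour for a value that does not fit in an `int`. Rejecting the sign at the return, `return (content_len > 0) ? (size_t)content_len : 0;`, closes the conversion. Parsing with `strtoul` and checking `errno` would cover the range case as well. How callers use the returned length is not visible in this hunk.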