diff -Nru whois-4.6.6.orig/whois.c whois-4.6.6/whois.c
--- whois-4.6.6.orig/whois.c	2003-06-15 12:36:52.000000000 -0400
+++ whois-4.6.6/whois.c	2003-08-11 15:56:57.000000000 -0400
@@ -73,12 +73,12 @@
 	/* RIPE flags */
 	if (strchr(ripeflags, ch)) {
 	    for (p = fstring; *p; p++);
-	    sprintf(p--, "-%c ", ch);
+	    snprintf(p--, sizeof(fstring), "-%c ", ch);
 	    continue;
 	}
 	if (strchr(ripeflagsp, ch)) {
 	    for (p = fstring; *p; p++);
-	    sprintf(p--, "-%c %s ", ch, optarg);
+	    snprintf(p--, sizeof(fstring), "-%c %s ", ch, optarg);
 	    if (ch == 't' || ch == 'v' || ch == 'q')
 		nopar = 1;
 	    continue;
@@ -86,7 +86,7 @@
 	/* program flags */
 	switch (ch) {
 	case 'h':
-	    server = q = malloc(strlen(optarg) + 1);
+	    server = q = xmalloc(strlen(optarg) + 1);
 	    for (p = optarg; *p && *p != ':'; *q++ = tolower(*p++));
 	    if (*p == ':')
 		port = p + 1;
@@ -122,7 +122,7 @@
 	usage();
 
     /* On some systems realloc only works on non-NULL buffers */
-    qstring = malloc(64);
+    qstring = xmalloc(64);
     *qstring = '\0';
 
     /* parse other parameters, if any */
@@ -131,11 +131,11 @@
 
 	while (1) {
 	    qslen += strlen(*argv) + 1 + 1;
-	    qstring = realloc(qstring, qslen);
-	    strcat(qstring, *argv++);
+	    qstring = xrealloc(qstring, qslen);
+	    strncat(qstring, *argv++, qslen-1);
 	    if (argc == 1)
 		break;
-	    strcat(qstring, " ");
+	    strncat(qstring, " ", qslen);
 	    argc--;
 	}
     }
@@ -401,10 +401,13 @@
 {
     char *buf;
     int i, isripe = 0;
+    int buflen = 0;
 
     /* +10 for CORE; +2 for \r\n; +1 for NULL */
-    buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 4
-	    + 10 + 2 + 1);
+    buflen = (strlen(flags) + strlen(query) + strlen(client_tag) + 4 + 10 + 2 + 1);
+
+    buf = xmalloc(buflen);
+
     *buf = '\0';
     for (i = 0; ripe_servers[i]; i++)
 	if (strcmp(server, ripe_servers[i]) == 0) {
@@ -426,23 +429,23 @@
     if (*flags) {
 	if (!isripe && strcmp(server, "whois.corenic.net") != 0)
 	    puts(_("Warning: RIPE flags used with a traditional server."));
-	strcat(buf, flags);
+	strncat(buf, flags, buflen);
     }
     /* FIXME: /e is not applied to .JP ASN */
     if (!isripe && (strcmp(server, "whois.nic.mil") == 0 ||
 	    strcmp(server, "whois.nic.ad.jp") == 0) &&
 	    strncasecmp(query, "AS", 2) == 0 && isasciidigit(query[2]))
-	sprintf(buf, "AS %s", query + 2);	/* fix query for DDN */
+	snprintf(buf, buflen, "AS %s", query + 2);	/* fix query for DDN */
     else if (!isripe && strcmp(server, "whois.corenic.net") == 0)
-	sprintf(buf, "--machine %s", query);	/* machine readable output */
+	snprintf(buf, buflen, "--machine %s", query);	/* machine readable output */
     else if (!isripe && strcmp(server, "whois.nic.ad.jp") == 0) {
 	char *lang = getenv("LANG");	/* not a perfect check, but... */
 	if (!lang || (strncmp(lang, "ja", 2) != 0))
-	    sprintf(buf, "%s/e", query);	/* ask for english text */
+	    snprintf(buf, buflen, "%s/e", query);	/* ask for english text */
 	else
-	    strcat(buf, query);
+	    strncat(buf, query, buflen);
     } else
-	strcat(buf, query);
+	strncat(buf, query, buflen);
     return buf;
 }
 
@@ -485,7 +488,7 @@
 
 		if (verb)
 		    printf(_("Detected referral to %s on %s.\n"), nq, nh);
-		strcat(nq, "\r\n");
+		strncat(nq, "\r\n", sizeof(nq));
 		fd = openconn(nh, np);
 		do_query(fd, nq);
 		continue;
@@ -511,7 +514,7 @@
     FILE *fi;
     int state = 0;
 
-    temp = malloc(strlen(query) + 1 + 2 + 1);
+    temp = xmalloc(strlen(query) + 1 + 2 + 1);
     *temp = '=';
     strcpy(temp + 1, query);
     strcat(temp, "\r\n");
@@ -531,7 +534,7 @@
 
 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
-	    ret = malloc(strlen(p) + 1);
+	    ret = xmalloc(strlen(p) + 1);
 	    for (q = ret; *p != '\n' && *p != '\r' && *p != ' '; *q++ = *p++)
 		; /*copy data*/
 	    *q = '\0';
@@ -553,7 +556,7 @@
     FILE *fi;
     int state = 0;
 
-    temp = malloc(strlen(query) + 5 + 2 + 1);
+    temp = xmalloc(strlen(query) + 5 + 2 + 1);
     strcpy(temp, "FULL ");
     strcat(temp, query);
     strcat(temp, "\r\n");
@@ -574,7 +577,7 @@
 	    for (p = buf; *p != ':'; p++);	/* skip until colon */
 	    for (p++; *p != ':'; p++);		/* skip until 2nd colon */
 	    for (p++; *p == ' '; p++);		/* skip colon and spaces */
-	    ret = malloc(strlen(p) + 1);
+	    ret = xmalloc(strlen(p) + 1);
 	    for (q = ret; *p != '\n' && *p != '\r'; *q++ = *p++); /*copy data*/
 	    *q = '\0';
 	    state = 2;
@@ -729,6 +732,26 @@
 }
 
 
+/* Memory allocation routines */
+void *xmalloc(size_t size)
+{
+    void *ptr;
+
+    if ((ptr = malloc(size)) == NULL)
+	err_sys("malloc");
+
+    return ptr;
+}
+
+void *xrealloc(void *ptr, size_t size)
+{
+    if ((ptr = realloc(ptr, size)) == NULL)
+	err_sys("realloc");
+
+    return ptr;
+}
+
+
 /* Error routines */
 void err_sys(const char *fmt, ...)
 {
diff -Nru whois-4.6.6.orig/whois.h whois-4.6.6/whois.h
--- whois-4.6.6.orig/whois.h	2003-03-16 09:08:10.000000000 -0500
+++ whois-4.6.6/whois.h	2003-08-11 15:53:43.000000000 -0400
@@ -23,6 +23,8 @@
 int domfind(const char *, const char *[]);
 char *normalize_domain(const char *);
 
+void *xmalloc(size_t);
+void *xrealloc(void *, size_t);
 void err_quit(const char *,...);
 void err_sys(const char *,...);