--- whois-4.7.26/whois.c
+++ whois-4.7.26/whois.c
@@ -87,7 +87,7 @@
 	/* RIPE flags */
 	if (strchr(ripeflags, ch)) {
 	    for (p = fstring; *p; p++);
-	    sprintf(p--, "-%c ", ch);
+	    snprintf(p--, sizeof(fstring), "-%c ", ch);
 	    continue;
 	}
 	if (strchr(ripeflagsp, ch)) {
@@ -141,10 +141,10 @@
 	while (1) {
 	    qslen += strlen(*argv) + 1 + 1;
 	    qstring = realloc(qstring, qslen);
-	    strcat(qstring, *argv++);
+	    strncat(qstring, *argv++, qslen-1);
 	    if (argc == 1)
 		break;
-	    strcat(qstring, " ");
+	    strncat(qstring, " ", qslen-1);
 	    argc--;
 	}
     }
@@ -467,8 +467,10 @@
     char *buf, *p;
     int i, isripe = 0;
 
+    /* buflen was always 0 in original patch and buf was allocated twice /Aye */
     /* 64 bytes reserved for server-specific flags added later */
-    buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
+    int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
+    buf = malloc(buflen);
     *buf = '\0';
     for (i = 0; ripe_servers[i]; i++)
 	if (streq(server, ripe_servers[i])) {
@@ -481,7 +483,7 @@
     if (*flags) {
 	if (!isripe && !streq(server, "whois.corenic.net"))
 	    puts(_("Warning: RIPE flags used with a traditional server."));
-	strcat(buf, flags);
+	strncat(buf, flags, buflen-1);
     }
 
 #ifdef HAVE_LIBIDN
@@ -490,28 +492,28 @@
      */
     if (streq(server, "whois.denic.de") && domcmp(query, ".de")
 	    && !strchr(query, ' ') && !*flags)
-	sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
+	snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
     else
     /* here we have another registrar who could not make things simple
      * -C sets the language for both input and output
      */
     if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
 	    && !strchr(query, ' '))
-	sprintf(buf, "-C US-ASCII ace %s", query);
+	snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
     else
 #endif
     if (!isripe && (streq(server, "whois.nic.mil") ||
 	    streq(server, "whois.nic.ad.jp")) &&
 	    strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
 	/* FIXME: /e is not applied to .JP ASN */
-	sprintf(buf, "AS %s", query + 2);	/* fix query for DDN */
+	snprintf(buf, buflen-1, "AS %s", query + 2);	/* fix query for DDN */
     else if (!isripe && (streq(server, "whois.nic.ad.jp") ||
 	    streq(server, "whois.jprs.jp"))) {
 	char *lang = getenv("LANG");	/* not a perfect check, but... */
 	if (!lang || !strneq(lang, "ja", 2))
-	    sprintf(buf, "%s/e", query);	/* ask for english text */
+	    snprintf(buf, buflen-1, "%s/e", query);	/* ask for english text */
 	else
-	    strcat(buf, query);
+	    strncat(buf, query, buflen-1);
     } else if (!isripe && streq(server, "whois.arin.net") &&
 	    (p = strrchr(query, '/'))) {
 	strncat(buf, query, p - query);		/* strip CIDR */