diff -ru sbin/init.orig/init.c sbin/init/init.c
--- sbin/init.orig/init.c	2003-12-18 02:12:38.000000000 -0200
+++ sbin/init/init.c	2004-10-25 17:02:32.974668874 -0300
@@ -892,6 +892,7 @@
 {
 	register session_t *sp;
 	int fd;
+	size_t pathsiz;
 
 	if ((typ->ty_status & TTY_ON) == 0 ||
 	    typ->ty_name == 0 ||
@@ -903,8 +904,9 @@
 	sp->se_index = session_index;
 	sp->se_flags |= SE_PRESENT;
 
-	sp->se_device = malloc(sizeof(_PATH_DEV) + strlen(typ->ty_name));
-	(void) sprintf(sp->se_device, "%s%s", _PATH_DEV, typ->ty_name);
+	pathsiz = sizeof(_PATH_DEV) + strlen(typ->ty_name);
+	sp->se_device = malloc(pathsiz);
+	snprintf(sp->se_device, pathsiz, "%s%s", _PATH_DEV, typ->ty_name);
 
 	/*
 	 * Attempt to open the device, if we get "device not configured"
@@ -941,14 +943,16 @@
 int
 setupargv(session_t *sp, struct ttyent *typ)
 {
+	size_t gettysiz;
 
 	if (sp->se_getty) {
 		free(sp->se_getty);
 		free(sp->se_getty_argv_space);
 		free(sp->se_getty_argv);
 	}
-	sp->se_getty = malloc(strlen(typ->ty_getty) + strlen(typ->ty_name) + 2);
-	(void) sprintf(sp->se_getty, "%s %s", typ->ty_getty, typ->ty_name);
+	gettysiz = strlen(typ->ty_getty) + strlen(typ->ty_name) + 2;
+	sp->se_getty = malloc(gettysiz);
+	snprintf(sp->se_getty, gettysiz, "%s %s", typ->ty_getty, typ->ty_name);
 	sp->se_getty_argv_space = strdup(sp->se_getty);
 	sp->se_getty_argv = construct_argv(sp->se_getty_argv_space);
 	if (sp->se_getty_argv == 0) {
@@ -1052,8 +1056,7 @@
 #endif
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
-		strcpy(term, "TERM=");
-		strncat(term, sp->se_type, sizeof(term) - 6);
+		snprintf(term, sizeof(term), "TERM=%s", sp->se_type);
 		env[0] = term;
 		env[1] = 0;
 	}
@@ -1116,8 +1119,7 @@
 #endif
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
-		strcpy(term, "TERM=");
-		strncat(term, sp->se_type, sizeof(term) - 6);
+		snprintf(term, sizeof(term), "TERM=%s", sp->se_type);
 		env[0] = term;
 		env[1] = 0;
 	}