diff -ru sbin/mount_portal.orig/mount_portal.c sbin/mount_portal/mount_portal.c
--- sbin/mount_portal.orig/mount_portal.c	2003-11-01 15:16:00.000000000 -0200
+++ sbin/mount_portal/mount_portal.c	2004-10-27 22:57:11.000000000 -0200
@@ -97,6 +97,7 @@
 	char tag[32];
 	struct vfsconf vfc;
 	mode_t um;
+	size_t tmplen;
 
 	qelem q;
 	int rc;
@@ -137,10 +138,9 @@
 	 * Construct the listening socket
 	 */
 	un.sun_family = AF_UNIX;
-	if (sizeof(_PATH_TMPPORTAL) >= sizeof(un.sun_path)) {
+	tmplen = strlcpy(un.sun_path, _PATH_TMPPORTAL, sizeof(un.sun_path));
+	if (tmplen >= sizeof(un.sun_path))
 		errx(EX_SOFTWARE, "portal socket name too long");
-	}
-	strcpy(un.sun_path, _PATH_TMPPORTAL);
 	mktemp(un.sun_path);
 	un.sun_len = strlen(un.sun_path);
 
@@ -159,7 +159,7 @@
 	(void) listen(so, 5);
 
 	args.pa_socket = so;
-	sprintf(tag, "portal:%d", getpid());
+	snprintf(tag, sizeof(tag), "portal:%d", getpid());
 	args.pa_config = tag;
 
 	error = getvfsbyname("portal", &vfc);
diff -ru sbin/mount_portal.orig/pt_file.c sbin/mount_portal/pt_file.c
--- sbin/mount_portal.orig/pt_file.c	2003-09-28 11:39:19.000000000 -0300
+++ sbin/mount_portal/pt_file.c	2004-10-27 22:44:19.000000000 -0200
@@ -59,7 +59,7 @@
 	int i;
 
 	pbuf[0] = '/';
-	strcpy(pbuf+1, key + (v[1] ? strlen(v[1]) : 0));
+	strlcpy(pbuf+1, key + (v[1] ? strlen(v[1]) : 0), sizeof(pbuf)-1);
 
 #ifdef DEBUG
 	printf("path = %s, uid = %d, gid = %d\n", pbuf, pcr->pcr_uid, pcr->pcr_groups[0]);
diff -ru sbin/mount_portal.orig/pt_tcp.c sbin/mount_portal/pt_tcp.c
--- sbin/mount_portal.orig/pt_tcp.c	2003-09-28 11:39:19.000000000 -0300
+++ sbin/mount_portal/pt_tcp.c	2004-10-27 22:44:19.000000000 -0200
@@ -80,7 +80,7 @@
 	if (q == 0 || q - p >= sizeof(host))
 		return (EINVAL);
 	*q = '\0';
-	strcpy(host, p);
+	strlcpy(host, p, sizeof(host));
 	p = q + 1;
 
 	q = strchr(p, '/');
@@ -88,7 +88,7 @@
 		*q = '\0';
 	if (strlen(p) >= sizeof(port))
 		return (EINVAL);
-	strcpy(port, p);
+	strlcpy(port, p, sizeof(port));
 	if (q) {
 		p = q + 1;
 		if (strcmp(p, "priv") == 0) {