diff -ru sbin/route.orig/route.c sbin/route/route.c
--- sbin/route.orig/route.c	2004-03-23 15:25:51.000000000 -0300
+++ sbin/route/route.c	2004-10-26 00:10:19.000000000 -0200
@@ -333,13 +333,13 @@
 		if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
 		    (cp = strchr(domain, '.'))) {
 			domain[MAXHOSTNAMELEN] = '\0';
-			strcpy(domain, cp + 1);
+			strlcpy(domain, cp + 1, sizeof(domain));
 		} else
 			domain[0] = 0;
 	}
 
 	if (sa->sa_len == 0)
-		strcpy(line, "default");
+		strlcpy(line, "default", sizeof(line));
 	else switch (sa->sa_family) {
 
 	case AF_INET:
@@ -360,10 +360,10 @@
 			}
 		}
 		if (cp) {
-			strncpy(line, cp, sizeof(line) - 1);
+			strlcpy(line, cp, sizeof(line));
 			line[sizeof(line) - 1] = '\0';
 		} else
-			sprintf(line, "%s", inet_ntoa(in));
+			snprintf(line, sizeof(line), "%s", inet_ntoa(in));
 		break;
 	    }
 
@@ -395,7 +395,7 @@
 			niflags |= NI_NUMERICHOST;
 		if (getnameinfo((struct sockaddr *)&sin6, sin6.sin6_len,
 		    line, sizeof(line), NULL, 0, niflags) != 0)
-			strncpy(line, "invalid", sizeof(line));
+			strlcpy(line, "invalid", sizeof(line));
 
 		return(line);
 	}
@@ -417,7 +417,8 @@
 	default:
 	    {	u_short *s = (u_short *)sa;
 		u_short *slim = s + ((sa->sa_len + 1) >> 1);
-		char *cp = line + sprintf(line, "(%d)", sa->sa_family);
+		char *cp = line + snprintf(line, sizeof(line), "(%d)",
+				           sa->sa_family);
 		char *cpe = line + sizeof(line);
 
 		while (++s < slim && cp < cpe) /* start with sa->sa_data */
@@ -482,19 +483,19 @@
 		}
 #define C(x)	(unsigned)((x) & 0xff)
 		if (cp)
-			strncpy(line, cp, sizeof(line));
+			strlcpy(line, cp, sizeof(line));
 		else if ((in.s_addr & 0xffffff) == 0)
-			sprintf(line, "%u", C(in.s_addr >> 24));
+			snprintf(line, sizeof(line), "%u", C(in.s_addr >> 24));
 		else if ((in.s_addr & 0xffff) == 0)
-			sprintf(line, "%u.%u", C(in.s_addr >> 24),
+			snprintf(line, sizeof(line), "%u.%u", C(in.s_addr >> 24),
 			    C(in.s_addr >> 16));
 		else if ((in.s_addr & 0xff) == 0)
-			sprintf(line, "%u.%u.%u", C(in.s_addr >> 24),
+			snprintf(line, sizeof(line), "%u.%u.%u", C(in.s_addr >> 24),
 			    C(in.s_addr >> 16), C(in.s_addr >> 8));
 		else
-			sprintf(line, "%u.%u.%u.%u", C(in.s_addr >> 24),
-			    C(in.s_addr >> 16), C(in.s_addr >> 8),
-			    C(in.s_addr));
+			snprintf(line, sizeof(line), "%u.%u.%u.%u",
+				 C(in.s_addr >> 24), C(in.s_addr >> 16),
+				 C(in.s_addr >> 8), C(in.s_addr));
 #undef C
 		break;
 	    }
@@ -527,7 +528,7 @@
 			niflags |= NI_NUMERICHOST;
 		if (getnameinfo((struct sockaddr *)&sin6, sin6.sin6_len,
 		    line, sizeof(line), NULL, 0, niflags) != 0)
-			strncpy(line, "invalid", sizeof(line));
+			strlcpy(line, "invalid", sizeof(line));
 
 		return(line);
 	}
@@ -551,7 +552,8 @@
 	default:
 	    {	u_short *s = (u_short *)sa->sa_data;
 		u_short *slim = s + ((sa->sa_len + 1)>>1);
-		char *cp = line + sprintf(line, "af %d:", sa->sa_family);
+		char *cp = line + snprintf(line, sizeof(line), "af %d:",
+					   sa->sa_family);
 		char *cpe = line + sizeof(line);
 
 		while (s < slim && cp < cpe)
@@ -1170,7 +1172,7 @@
 	if (ns_nullhost(work) && net.long_e == 0) {
 		if (!port)
 			return("*.*");
-		sprintf(mybuf, "*.%XH", port);
+		snprintf(mybuf, sizeof(mybuf), "*.%XH", port);
 		return(mybuf);
 	}
 
@@ -1180,14 +1182,14 @@
 		host = "*";
 	else {
 		q = work.x_host.c_host;
-		sprintf(chost, "%02X%02X%02X%02X%02X%02XH",
+		snprintf(chost, sizeof(chost), "%02X%02X%02X%02X%02X%02XH",
 			q[0], q[1], q[2], q[3], q[4], q[5]);
 		for (p = chost; *p == '0' && p < chost + 12; p++)
 			/* void */;
 		host = p;
 	}
 	if (port)
-		sprintf(cport, ".%XH", htons(port));
+		snprintf(cport, sizeof(cport), ".%XH", htons(port));
 	else
 		*cport = 0;