diff -ru sbin/slattach.orig/slattach.c sbin/slattach/slattach.c
--- sbin/slattach.orig/slattach.c	2003-11-01 15:16:02.000000000 -0200
+++ sbin/slattach/slattach.c	2004-10-26 14:24:44.673693452 -0300
@@ -179,9 +179,7 @@
 		exit_handler(2);
 	}
 	if (strncmp(_PATH_DEV, dev, sizeof(_PATH_DEV) - 1)) {
-		strcpy(tty_path, _PATH_DEV);
-		strcat(tty_path, "/");
-		strncat(tty_path, dev, 10);
+		snprintf(tty_path, sizeof(tty_path), "%s/%s", _PATH_DEV, dev);
 		dev = tty_path;
 	}
 	dvname = strrchr(dev, '/'); /* always succeeds */
@@ -377,7 +375,7 @@
 		syslog(LOG_ERR, "socket: %m");
 		exit_handler(1);
 	}
-	sprintf(ifr.ifr_name, "sl%d", tmp_unit);
+	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "sl%d", tmp_unit);
 
 	/* get the flags for the interface */
 	if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
@@ -409,12 +407,13 @@
 	/* iff the unit number changes either invoke config_cmd or punt. */
 	if (config_cmd) {
 		char *s;
-		s = (char*) malloc(strlen(config_cmd) + 32);
+		size_t len = strlen(config_cmd) + 32;
+		s = malloc(len);
 		if (s == NULL) {
 			syslog(LOG_ERR, "malloc failed");
 			exit(1);
 		}
-		sprintf (s, "%s %d %d", config_cmd, unit, new_unit);
+		snprintf (s, len, "%s %d %d", config_cmd, unit, new_unit);
 		syslog(LOG_NOTICE, "configuring %s (sl%d):", dev, unit);
 		syslog(LOG_NOTICE, "  '%s'", s);
 		system(s);
@@ -564,12 +563,13 @@
 
 	if (config_cmd) {
 		char *s;
-		s = (char*) malloc(strlen(config_cmd) + 32);
+		size_t len = strlen(config_cmd) + 32;
+		s = malloc(len);
 		if (s == NULL) {
 			syslog(LOG_ERR, "malloc failed");
 			exit(1);
 		}
-		sprintf (s, "%s %d -1", config_cmd, unit);
+		snprintf (s, len, "%s %d -1", config_cmd, unit);
 		syslog(LOG_NOTICE, "deconfiguring %s (sl%d):", dev, unit);
 		syslog(LOG_NOTICE, "  '%s'", s);
 		system(s);