From fda2bc874751ca479365dc6389c0eebb41a0bda1 Mon Sep 17 00:00:00 2001
From: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Mon, 17 Jun 2013 21:08:14 -0400
Subject: [PATCH] Allocate pathname buffers dynamically

This change reworks numerous places which formerly used potentially
large on-stack buffers (of size AFSDIR_PATH_MAX) for constructing or
storing pathnames.  Instead, these buffers are now allocated from the
heap, either by using asprintf() to build a pathname in a correctly
sized buffer or, where necessary, using malloc() to allocate a buffer
of size AFSDIR_PATH_MAX.

A few occurrances of AFSDIR_PATH_MAX-sized buffers are not changed;
these are generally either globals or are contained within another
data structure that is already allocated on the heap.

[kaduk@mit.edu convert to cleanup-handler memory management where
appropriate]

Change-Id: Ib1986187a1c467e867d50280aaf1d8a86d9108c8
Reviewed-on: http://gerrit.openafs.org/9985
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/WINNT/afsreg/test/regman.c |  39 ++++++----
 src/bozo/bosoprocs.c           | 135 +++++++++++++++++++++------------
 src/bozo/bosserver.c           |  39 ++++++----
 src/bozo/fsbnodeops.c          | 120 ++++++++++++++++++++---------
 src/bucoord/dsstub.c           |  35 ++++++---
 src/butc/tcmain.c              |   6 +-
 src/kauth/kaserver.c           |  10 ++-
 src/kauth/kdb.c                |   7 +-
 src/libadmin/cfg/cfgservers.c  | 117 ++++++++--------------------
 src/ptserver/pts.c             |   8 +-
 src/update/client.c            |  50 +++++++++---
 src/update/server.c            |  48 +++++++++---
 src/vol/daemon_com.c           |  10 +--
 src/vol/salvaged.c             |  36 ++++-----
 src/vol/vol-salvage.c          |  38 +++++-----
 15 files changed, 421 insertions(+), 277 deletions(-)

diff --git a/src/WINNT/afsreg/test/regman.c b/src/WINNT/afsreg/test/regman.c
index 04fa7ca8a..106d09a47 100644
--- a/src/WINNT/afsreg/test/regman.c
+++ b/src/WINNT/afsreg/test/regman.c
@@ -145,13 +145,17 @@ static int DoDirSet(struct cmd_syndesc *as, void *arock)
 
 static int DoBosCfg(struct cmd_syndesc *as, void *arock)
 {
-    char bosSvcPath[AFSDIR_PATH_MAX];
-    SC_HANDLE scmHandle, svcHandle;
+    char *bosSvcPath = NULL;
+    SC_HANDLE scmHandle = NULL, svcHandle = NULL;
+    int code;
 
     /* determine if using specified or default service binary path */
     if (as->parms[0].items) {
 	/* BOS control service binary path specified */
-	sprintf(bosSvcPath, "\"%s\"", as->parms[0].items->data);
+	if (asprintf(&bosSvcPath, "\"%s\"", as->parms[0].items->data) < 0) {
+	    afs_com_err(whoami, 0, "out of memory building binary path");
+	    return 1;
+	}
     } else {
 	/* no BOS control service binary path specified; check for default */
 	char *dirBuf;
@@ -161,10 +165,13 @@ static int DoBosCfg(struct cmd_syndesc *as, void *arock)
 		    "binary path not specified and AFS server installation directory not set");
 	    return 1;
 	}
-	sprintf(bosSvcPath, "\"%s%s/%s\"",
-		dirBuf,
-		AFSDIR_CANONICAL_SERVER_BIN_DIRPATH,
-		AFSREG_SVR_SVC_IMAGENAME_DATA);
+	if (asprintf(&bosSvcPath, "\"%s%s/%s\"",
+		     dirBuf,
+		     AFSDIR_CANONICAL_SERVER_BIN_DIRPATH,
+		     AFSREG_SVR_SVC_IMAGENAME_DATA) < 0) {
+	    afs_com_err(whoami, 0, "out of memory building binary path");
+	    return 1;
+	}
     }
 
     /* create BOS control service */
@@ -178,7 +185,8 @@ static int DoBosCfg(struct cmd_syndesc *as, void *arock)
 	    reason = "(insufficient privilege)";
 	}
 	afs_com_err(whoami, 0, "unable to connect to the SCM %s", reason);
-	return 1;
+	code = 1;
+	goto out;
     }
 
     svcHandle = CreateService(scmHandle,
@@ -203,13 +211,18 @@ static int DoBosCfg(struct cmd_syndesc *as, void *arock)
 	    reason = "(service or display name already exists)";
 	}
 	afs_com_err(whoami, 0, "unable to create service %s", reason);
-	CloseServiceHandle(scmHandle);
-	return 1;
+	code = 1;
+    } else {
+	code = 0;
     }
 
-    CloseServiceHandle(svcHandle);
-    CloseServiceHandle(scmHandle);
-    return (0);
+out:
+    free(bosSvcPath);
+    if (svcHandle != NULL)
+	CloseServiceHandle(svcHandle);
+    if (scmHandle != NULL)
+	CloseServiceHandle(scmHandle);
+    return code;
 }
 
 
diff --git a/src/bozo/bosoprocs.c b/src/bozo/bosoprocs.c
index b625ac079..4a446caf8 100644
--- a/src/bozo/bosoprocs.c
+++ b/src/bozo/bosoprocs.c
@@ -135,41 +135,46 @@ SBOZO_GetDates(struct rx_call *acall, char *aname, afs_int32 *atime,
 	       afs_int32 *abakTime, afs_int32 *aoldTime)
 {
     struct stat tstat;
-    char *strp;
-    char tbuffer[AFSDIR_PATH_MAX];
+    char *filepath = NULL, *fpBak = NULL, *fpOld = NULL;
 
     *atime = *abakTime = *aoldTime = 0;
 
     /* construct local path from canonical (wire-format) path */
-    if (ConstructLocalBinPath(aname, &strp)) {
+    if (ConstructLocalBinPath(aname, &filepath)) {
 	return 0;
     }
-    strcpy(tbuffer, strp);
-    free(strp);
-
-    strp = tbuffer + strlen(tbuffer);
+    if (asprintf(&fpBak, "%s.BAK", filepath) < 0) {
+	fpBak = NULL;
+	goto out;
+    }
+    if (asprintf(&fpOld, "%s.OLD", filepath) < 0) {
+	fpOld = NULL;
+	goto out;
+    }
 
-    if (!stat(tbuffer, &tstat)) {
+    if (!stat(filepath, &tstat)) {
 	*atime = tstat.st_mtime;
     }
 
-    strcpy(strp, ".BAK");
-    if (!stat(tbuffer, &tstat)) {
+    if (!stat(fpBak, &tstat)) {
 	*abakTime = tstat.st_mtime;
     }
 
-    strcpy(strp, ".OLD");
-    if (!stat(tbuffer, &tstat)) {
+    if (!stat(fpOld, &tstat)) {
 	*aoldTime = tstat.st_mtime;
     }
+out:
+    free(fpOld);
+    free(fpBak);
+    free(filepath);
     return 0;
 }
 
 afs_int32
 SBOZO_UnInstall(struct rx_call *acall, char *aname)
 {
-    char *filepath;
-    char fpOld[AFSDIR_PATH_MAX], fpBak[AFSDIR_PATH_MAX];
+    char *filepath = NULL;
+    char *fpOld = NULL, *fpBak = NULL;
     afs_int32 code;
     char caller[MAXKTCNAMELEN];
     struct stat tstat;
@@ -193,10 +198,16 @@ SBOZO_UnInstall(struct rx_call *acall, char *aname)
     if (DoLogging)
 	bozo_Log("%s is executing UnInstall '%s'\n", caller, filepath);
 
-    strcpy(fpBak, filepath);
-    strcat(fpBak, ".BAK");
-    strcpy(fpOld, filepath);
-    strcat(fpOld, ".OLD");
+    if (asprintf(&fpBak, "%s.BAK", filepath) < 0) {
+	code = BZIO;
+	fpBak = NULL;
+	goto out;
+    }
+    if (asprintf(&fpOld, "%s.OLD", filepath) < 0) {
+	code = BZIO;
+	fpOld = NULL;
+	goto out;
+    }
 
     code = rk_rename(fpBak, filepath);
     if (code) {
@@ -212,7 +223,10 @@ SBOZO_UnInstall(struct rx_call *acall, char *aname)
     if (code)
 	code = errno;
 
+out:
     osi_auditU(acall, BOS_UnInstallEvent, code, AUD_STR, filepath, AUD_END);
+    free(fpBak);
+    free(fpOld);
     free(filepath);
 
     return code;
@@ -223,21 +237,25 @@ static void
 SaveOldFiles(char *aname)
 {
     afs_int32 code;
-    char bbuffer[AFSDIR_PATH_MAX], obuffer[AFSDIR_PATH_MAX];
+    char *bbuffer = NULL, *obuffer = NULL;
     struct stat tstat;
     afs_int32 now;
     afs_int32 oldTime, bakTime;
 
-    strcpy(bbuffer, aname);
-    strcat(bbuffer, ".BAK");
-    strcpy(obuffer, aname);
-    strcat(obuffer, ".OLD");
     now = FT_ApproxTime();
 
     code = stat(aname, &tstat);
     if (code < 0)
 	return;			/* can't stat file */
 
+    if (asprintf(&bbuffer, "%s.BAK", aname) < 0)
+	return;
+
+    if (asprintf(&obuffer, "%s.OLD", aname) < 0) {
+	obuffer = NULL;
+	goto out;
+    }
+
     code = stat(obuffer, &tstat);	/* discover old file's time */
     if (code)
 	oldTime = 0;
@@ -257,13 +275,17 @@ SaveOldFiles(char *aname)
 
     /* finally rename to .BAK extension */
     rk_rename(aname, bbuffer);
+
+out:
+    free(bbuffer);
+    free(obuffer);
 }
 
 afs_int32
 SBOZO_Install(struct rx_call *acall, char *aname, afs_int32 asize, afs_int32 mode, afs_int32 amtime)
 {
-    afs_int32 code;
-    int fd;
+    afs_int32 code, ret = 0;
+    int fd = -1;
     afs_int32 len;
     afs_int32 total;
 #ifdef AFS_NT40_ENV
@@ -271,7 +293,7 @@ SBOZO_Install(struct rx_call *acall, char *aname, afs_int32 asize, afs_int32 mod
 #else
     struct timeval tvb[2];
 #endif
-    char filepath[AFSDIR_PATH_MAX], tbuffer[AFSDIR_PATH_MAX], *fpp;
+    char *filepath = NULL, *fpNew = NULL, *tbuffer = NULL;
     char caller[MAXKTCNAMELEN];
 
     if (!afsconf_SuperUser(bozo_confdir, acall, caller))
@@ -280,53 +302,58 @@ SBOZO_Install(struct rx_call *acall, char *aname, afs_int32 asize, afs_int32 mod
 	return BZACCESS;
 
     /* construct local path from canonical (wire-format) path */
-    if (ConstructLocalBinPath(aname, &fpp)) {
+    if (ConstructLocalBinPath(aname, &filepath)) {
 	return BZNOENT;
     }
-    strcpy(filepath, fpp);
-    free(fpp);
+    if (asprintf(&fpNew, "%s.NEW", filepath) < 0) {
+	ret = ENOMEM;
+	fpNew = NULL;
+	goto out;
+    }
+    tbuffer = malloc(AFSDIR_PATH_MAX);
+    if (tbuffer == NULL) {
+	ret =  ENOMEM;
+	goto out;
+    }
 
     if (DoLogging)
 	bozo_Log("%s is executing Install '%s'\n", caller, filepath);
 
     /* open file */
-    fpp = filepath + strlen(filepath);
-    strcpy(fpp, ".NEW");	/* append ".NEW" to end of filepath */
-    fd = open(filepath, O_CREAT | O_RDWR | O_TRUNC, 0777);
-    if (fd < 0)
-	return errno;
+    fd = open(fpNew, O_CREAT | O_RDWR | O_TRUNC, 0777);
+    if (fd < 0) {
+	ret =  errno;
+	goto out;
+    }
     total = 0;
     while (1) {
 	len = rx_Read(acall, tbuffer, sizeof(tbuffer));
 	if (len < 0) {
-	    close(fd);
-	    unlink(filepath);
-	    return 102;
+	    unlink(fpNew);
+	    ret =  102;
+	    goto out;
 	}
 	if (len == 0)
 	    break;		/* no more input */
 	code = write(fd, tbuffer, len);
 	if (code != len) {
-	    close(fd);
-	    unlink(filepath);
-	    return 100;
+	    unlink(fpNew);
+	    ret =  100;
+	    goto out;
 	}
 	total += len;		/* track total written for safety check at end */
     }
-    close(fd);
     if (asize != total) {
-	unlink(filepath);
-	return 101;		/* wrong size */
+	unlink(fpNew);
+	ret =  101;		/* wrong size */
+	goto out;
     }
 
     /* save old files */
-    *fpp = '\0';		/* remove ".NEW" from end of filepath */
     SaveOldFiles(filepath);	/* don't care if it works, still install */
 
     /* all done, rename to final name */
-    strcpy(tbuffer, filepath);
-    strcat(tbuffer, ".NEW");
-    code = (rk_rename(tbuffer, filepath) ? errno : 0);
+    code = (rk_rename(fpNew, filepath) ? errno : 0);
 
     /* label file with same time for our sanity */
 #ifdef AFS_NT40_ENV
@@ -343,9 +370,17 @@ SBOZO_Install(struct rx_call *acall, char *aname, afs_int32 asize, afs_int32 mod
 
     if (code < 0) {
 	osi_auditU(acall, BOS_InstallEvent, code, AUD_STR, filepath, AUD_END);
-	return errno;
-    } else
-	return 0;
+	ret = errno;
+	goto out;
+    }
+    ret = 0;
+out:
+    if (fd >= 0)
+	close(fd);
+    free(filepath);
+    free(fpNew);
+    free(tbuffer);
+    return ret;
 }
 
 afs_int32
diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c
index fa568076e..e96beee05 100644
--- a/src/bozo/bosserver.c
+++ b/src/bozo/bosserver.c
@@ -530,17 +530,21 @@ int
 WriteBozoFile(char *aname)
 {
     FILE *tfile;
-    char tbuffer[AFSDIR_PATH_MAX];
+    char *tbuffer = NULL;
     afs_int32 code;
     struct bztemp btemp;
+    int ret = 0;
 
     if (!aname)
 	aname = (char *)bozo_fileName;
-    strcpy(tbuffer, aname);
-    strcat(tbuffer, ".NBZ");
-    tfile = fopen(tbuffer, "w");
-    if (!tfile)
+    if (asprintf(&tbuffer, "%s.NBZ", aname) < 0)
 	return -1;
+
+    tfile = fopen(tbuffer, "w");
+    if (!tfile) {
+	ret = -1;
+	goto out;
+    }
     btemp.file = tfile;
 
     fprintf(tfile, "restrictmode %d\n", bozo_isrestricted);
@@ -554,19 +558,25 @@ WriteBozoFile(char *aname)
     if (code || (code = ferror(tfile))) {	/* something went wrong */
 	fclose(tfile);
 	unlink(tbuffer);
-	return code;
+	ret = code;
+	goto out;
     }
     /* close the file, check for errors and snap new file into place */
     if (fclose(tfile) == EOF) {
 	unlink(tbuffer);
-	return -1;
+	ret = -1;
+	goto out;
     }
     code = rk_rename(tbuffer, aname);
     if (code) {
 	unlink(tbuffer);
-	return -1;
+	ret = -1;
+	goto out;
     }
-    return 0;
+    ret = 0;
+out:
+    free(tbuffer);
+    return ret;
 }
 
 static int
@@ -777,7 +787,7 @@ main(int argc, char **argv, char **envp)
     struct afsconf_dir *tdir;
     int noAuth = 0;
     int i;
-    char namebuf[AFSDIR_PATH_MAX];
+    char *oldlog;
     int rxMaxMTU = -1;
     afs_uint32 host = htonl(INADDR_ANY);
     char *auditFileName = NULL;
@@ -972,9 +982,12 @@ main(int argc, char **argv, char **envp)
 	!(S_ISFIFO(sb.st_mode)))
 #endif
 	) {
-	strcpy(namebuf, AFSDIR_BOZLOG_FILE);
-	strcat(namebuf, ".old");
-	rk_rename(AFSDIR_BOZLOG_FILE, namebuf);	/* try rename first */
+	if (asprintf(&oldlog, "%s.old", AFSDIR_BOZLOG_FILE) < 0) {
+	    printf("bosserver: out of memory\n");
+	    exit(1);
+	}
+	rk_rename(AFSDIR_BOZLOG_FILE, oldlog);	/* try rename first */
+	free(oldlog);
 	bozo_logFile = fopen(AFSDIR_BOZLOG_FILE, "a");
 	if (!bozo_logFile) {
 	    printf("bosserver: can't initialize log file (%s).\n",
diff --git a/src/bozo/fsbnodeops.c b/src/bozo/fsbnodeops.c
index c8ec5328f..7893599d2 100644
--- a/src/bozo/fsbnodeops.c
+++ b/src/bozo/fsbnodeops.c
@@ -112,9 +112,9 @@ static void SetNeedsClock(struct fsbnode *);
 static int NudgeProcs(struct fsbnode *);
 
 #ifdef AFS_NT40_ENV
-static void AppendExecutableExtension(char *cmd);
+static char *AppendExecutableExtension(char *cmd);
 #else
-#define AppendExecutableExtension(x)
+#define AppendExecutableExtension(x) strdup(x)
 #endif
 
 struct bnode_ops fsbnode_ops = {
@@ -286,20 +286,22 @@ fs_restartp(struct bnode *bn)
 static int
 SetSalFlag(struct fsbnode *abnode, int aflag)
 {
-    char tbuffer[AFSDIR_PATH_MAX];
+    char *filepath;
     int fd;
 
     /* don't use the salvage flag for demand attach fs */
     if (abnode->salsrvcmd == NULL) {
 	abnode->needsSalvage = aflag;
-	strcompose(tbuffer, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH, "/",
-		   SALFILE, abnode->b.name, (char *)NULL);
+	if (asprintf(&filepath, "%s/%s%s", AFSDIR_SERVER_LOCAL_DIRPATH,
+		   SALFILE, abnode->b.name) < 0)
+	    return ENOMEM;
 	if (aflag) {
-	    fd = open(tbuffer, O_CREAT | O_TRUNC | O_RDWR, 0666);
+	    fd = open(filepath, O_CREAT | O_TRUNC | O_RDWR, 0666);
 	    close(fd);
 	} else {
-	    unlink(tbuffer);
+	    unlink(filepath);
 	}
+	free(filepath);
     }
     return 0;
 }
@@ -308,20 +310,22 @@ SetSalFlag(struct fsbnode *abnode, int aflag)
 static int
 RestoreSalFlag(struct fsbnode *abnode)
 {
-    char tbuffer[AFSDIR_PATH_MAX];
+    char *filepath;
 
     /* never set needs salvage flag for demand attach fs */
     if (abnode->salsrvcmd != NULL) {
 	abnode->needsSalvage = 0;
     } else {
-	strcompose(tbuffer, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH, "/",
-		   SALFILE, abnode->b.name, (char *)NULL);
-	if (access(tbuffer, 0) == 0) {
+	if (asprintf(&filepath, "%s/%s%s", AFSDIR_SERVER_LOCAL_DIRPATH,
+		     SALFILE, abnode->b.name) < 0)
+	    return ENOMEM;
+	if (access(filepath, 0) == 0) {
 	    /* file exists, so need to salvage */
 	    abnode->needsSalvage = 1;
 	} else {
 	    abnode->needsSalvage = 0;
 	}
+	free(filepath);
     }
     return 0;
 }
@@ -344,16 +348,19 @@ fs_delete(struct bnode *bn)
 
 
 #ifdef AFS_NT40_ENV
-static void
+static char *
 AppendExecutableExtension(char *cmd)
 {
     char cmdext[_MAX_EXT];
+    char *cmdexe;
 
     _splitpath(cmd, NULL, NULL, NULL, cmdext);
     if (*cmdext == '\0') {
-	/* no filename extension supplied for cmd; append .exe */
-	strcat(cmd, ".exe");
+	if (asprintf(&cmdexe, "%s.exe", cmd) < 0)
+	    return NULL;
+	return cmdexe;
     }
+    return strdup(cmd);
 }
 #endif /* AFS_NT40_ENV */
 
@@ -364,7 +371,7 @@ fs_create(char *ainstance, char *afilecmd, char *avolcmd, char *asalcmd,
 {
     struct stat tstat;
     struct fsbnode *te;
-    char cmdname[AFSDIR_PATH_MAX];
+    char *cmdname = NULL;
     char *fileCmdpath, *volCmdpath, *salCmdpath, *scanCmdpath;
     int bailout = 0;
 
@@ -397,24 +404,38 @@ fs_create(char *ainstance, char *afilecmd, char *avolcmd, char *asalcmd,
     }
 
     if (!bailout) {
-	sscanf(fileCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(fileCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: file server binary '%s' not found\n", cmdname);
 	    bailout = 1;
 	    goto done;
 	}
+	free(cmdname);
 
-	sscanf(volCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(volCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: volume server binary '%s' not found\n", cmdname);
 	    bailout = 1;
 	    goto done;
 	}
+	free(cmdname);
 
-	sscanf(salCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(salCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: salvager binary '%s' not found\n", cmdname);
 	    bailout = 1;
@@ -422,8 +443,13 @@ fs_create(char *ainstance, char *afilecmd, char *avolcmd, char *asalcmd,
 	}
 
 	if (ascancmd && strlen(ascancmd)) {
-	    sscanf(scanCmdpath, "%s", cmdname);
-	    AppendExecutableExtension(cmdname);
+	    free(cmdname);
+	    cmdname = AppendExecutableExtension(scanCmdpath);
+	    if (cmdname == NULL) {
+		bozo_Log("Out of memory constructing binary filename\n");
+		bailout = 1;
+		goto done;
+	    }
 	    if (stat(cmdname, &tstat)) {
 		bozo_Log("BNODE: scanner binary '%s' not found\n", cmdname);
 		bailout = 1;
@@ -455,6 +481,7 @@ fs_create(char *ainstance, char *afilecmd, char *avolcmd, char *asalcmd,
     SetNeedsClock(te);		/* compute needsClock field */
 
  done:
+    free(cmdname);
     if (bailout) {
 	if (te)
 	    free(te);
@@ -479,7 +506,7 @@ dafs_create(char *ainstance, char *afilecmd, char *avolcmd,
 {
     struct stat tstat;
     struct fsbnode *te;
-    char cmdname[AFSDIR_PATH_MAX];
+    char *cmdname = NULL;
     char *fileCmdpath, *volCmdpath, *salsrvCmdpath, *salCmdpath, *scanCmdpath;
     int bailout = 0;
 
@@ -517,32 +544,51 @@ dafs_create(char *ainstance, char *afilecmd, char *avolcmd,
     }
 
     if (!bailout) {
-	sscanf(fileCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(fileCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: file server binary '%s' not found\n", cmdname);
 	    bailout = 1;
 	    goto done;
 	}
+	free(cmdname);
 
-	sscanf(volCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(volCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: volume server binary '%s' not found\n", cmdname);
 	    bailout = 1;
 	    goto done;
 	}
+	free(cmdname);
 
-	sscanf(salsrvCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(salsrvCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: salvageserver binary '%s' not found\n", cmdname);
 	    bailout = 1;
 	    goto done;
 	}
+	free(cmdname);
 
-	sscanf(salCmdpath, "%s", cmdname);
-	AppendExecutableExtension(cmdname);
+	cmdname = AppendExecutableExtension(salCmdpath);
+	if (cmdname == NULL) {
+	    bozo_Log("Out of memory constructing binary filename\n");
+	    bailout = 1;
+	    goto done;
+	}
 	if (stat(cmdname, &tstat)) {
 	    bozo_Log("BNODE: salvager binary '%s' not found\n", cmdname);
 	    bailout = 1;
@@ -550,8 +596,13 @@ dafs_create(char *ainstance, char *afilecmd, char *avolcmd,
 	}
 
 	if (ascancmd && strlen(ascancmd)) {
-	    sscanf(scanCmdpath, "%s", cmdname);
-	    AppendExecutableExtension(cmdname);
+	    free(cmdname);
+	    cmdname = AppendExecutableExtension(scanCmdpath);
+	    if (cmdname == NULL) {
+		bozo_Log("Out of memory constructing binary filename\n");
+		bailout = 1;
+		goto done;
+	    }
 	    if (stat(cmdname, &tstat)) {
 		bozo_Log("BNODE: scanner binary '%s' not found\n", cmdname);
 		bailout = 1;
@@ -583,6 +634,7 @@ dafs_create(char *ainstance, char *afilecmd, char *avolcmd,
     SetNeedsClock(te);		/* compute needsClock field */
 
  done:
+    free(cmdname);
     if (bailout) {
 	if (te)
 	    free(te);
diff --git a/src/bucoord/dsstub.c b/src/bucoord/dsstub.c
index bd9447b27..01b1c78e7 100644
--- a/src/bucoord/dsstub.c
+++ b/src/bucoord/dsstub.c
@@ -62,13 +62,11 @@ afs_int32 ScanVolClone(FILE *, char *, afs_int32 *);
 
 static char * TapeName(char *atapeName)
 {
-    static char tbuffer[AFSDIR_PATH_MAX];
+    char *tbuffer;
 
-    /* construct the backup dir path */
-    strcpy(tbuffer, AFSDIR_SERVER_BACKUP_DIRPATH);
-    strcat(tbuffer, "/T");
-    strcat(tbuffer + 1, atapeName);
-    strcat(tbuffer, ".db");
+    if (asprintf(&tbuffer, "%s/T%s.db", AFSDIR_SERVER_BACKUP_DIRPATH,
+		 atapeName) < 0)
+	return NULL;
     return tbuffer;
 }
 
@@ -76,13 +74,11 @@ static char * TapeName(char *atapeName)
 
 static char * DumpName(afs_int32 adumpID)
 {
-    static char tbuffer[AFSDIR_PATH_MAX];
-    char buf[AFSDIR_PATH_MAX];
+    char *tbuffer;
 
-    /* construct the backup dir path */
-    strcpy(buf, AFSDIR_SERVER_BACKUP_DIRPATH);
-    strcat(buf, "/D%d.db");
-    sprintf(tbuffer, buf, adumpID);
+    if (asprintf(&tbuffer, "%s/D%d.db", AFSDIR_SERVER_BACKUP_DIRPATH,
+		 adumpID) < 0)
+	return NULL;
     return tbuffer;
 }
 
@@ -92,7 +88,10 @@ static FILE * OpenDump(afs_int32 adumpID, char * awrite)
     FILE *tfile;
 
     tp = DumpName(adumpID);
+    if (tp == NULL)
+	return NULL;
     tfile = fopen(tp, awrite);
+    free(tp);
     return tfile;
 }
 
@@ -105,8 +104,12 @@ FILE * OpenTape(char * atapeName, char * awrite)
 {
     char *tp;
     FILE *tfile;
+
     tp = TapeName(atapeName);
+    if (tp == NULL)
+	return NULL;
     tfile = fopen(tp, awrite);
+    free(tp);
     return tfile;
 }
 
@@ -159,8 +162,12 @@ static afs_int32 DeleteDump(afs_int32 adumpID)
 {
     char *tp;
     afs_int32 code;
+
     tp = DumpName(adumpID);
+    if (tp == NULL)
+	return ENOMEM;
     code = unlink(tp);
+    free(tp);
     if (code)
 	return code;
     code = ScanForChildren(adumpID);
@@ -172,8 +179,12 @@ static afs_int32 DeleteTape(char * atapeName)
 {
     char *tp;
     afs_int32 code;
+
     tp = TapeName(atapeName);
+    if (tp == NULL)
+	return ENOMEM;
     code = unlink(tp);
+    free(tp);
     return code;
 }
 #endif
diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c
index d98fd79d4..65d25b7ea 100644
--- a/src/butc/tcmain.c
+++ b/src/butc/tcmain.c
@@ -954,7 +954,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
 	struct stat sbuf;
 	afs_int32 statcode;
 #ifndef AFS_NT40_ENV
-	char path[AFSDIR_PATH_MAX];
+	char *path;
 #endif
 
 	statcode = stat(centralLogFile, &sbuf);
@@ -966,7 +966,8 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
 	}
 #ifndef AFS_NT40_ENV
 	/* Make sure it is not in AFS, has to have been created first */
-	if (!realpath(centralLogFile, path)) {
+	path = malloc(AFSDIR_PATH_MAX);
+	if (path == NULL || !realpath(centralLogFile, path)) {
 	    fprintf(stderr,
 		    "Warning: can't determine real path of '%s' (%d)\n",
 		    centralLogFile, errno);
@@ -977,6 +978,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
 		exit(1);
 	    }
 	}
+	free(path);
 #endif
 
 	/* Write header if created it */
diff --git a/src/kauth/kaserver.c b/src/kauth/kaserver.c
index daa7b57f6..c402df2a2 100644
--- a/src/kauth/kaserver.c
+++ b/src/kauth/kaserver.c
@@ -163,7 +163,7 @@ main(int argc, char *argv[])
     const char *cellservdb, *dbpath, *lclpath;
     int a;
     char arg[32];
-    char default_lclpath[AFSDIR_PATH_MAX];
+    char *default_lclpath;
     int servers;
     int initFlags;
     int level;			/* security level for Ubik */
@@ -225,8 +225,12 @@ main(int argc, char *argv[])
 
     cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
     dbpath = AFSDIR_SERVER_KADB_FILEPATH;
-    strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
-	       "/", AFSDIR_KADB_FILE, (char *)NULL);
+
+    if (asprintf(&default_lclpath, "%s/%s", AFSDIR_SERVER_LOCAL_DIRPATH,
+		 AFSDIR_KADB_FILE) < 0) {
+	fprintf(stderr, "%s: No memory for default local dir path\n", argv[0]);
+	exit(2);
+    }
     lclpath = default_lclpath;
 
     debugOutput = 0;
diff --git a/src/kauth/kdb.c b/src/kauth/kdb.c
index 74dc18f45..241e94241 100644
--- a/src/kauth/kdb.c
+++ b/src/kauth/kdb.c
@@ -104,10 +104,11 @@ main(int argc, char **argv)
 {
     struct cmd_syndesc *ts;
     afs_int32 code;
-    char dbmfile_help[AFSDIR_PATH_MAX];
+    char *dbmfile_help;
 
-    sprintf(dbmfile_help, "dbmfile to use (default %s)",
-	    AFSDIR_SERVER_KALOGDB_FILEPATH);
+    if (asprintf(&dbmfile_help, "dbmfile to use (default %s)",
+		 AFSDIR_SERVER_KALOGDB_FILEPATH) < 0)
+	dbmfile_help = "dbmfile to use";
     dbmfile = AFSDIR_SERVER_KALOGDB_FILEPATH;
     ts = cmd_CreateSyntax(NULL, cmdproc, NULL, 0, "Dump contents of dbm database");
     cmd_AddParm(ts, "-dbmfile", CMD_SINGLE, CMD_OPTIONAL, dbmfile_help);
diff --git a/src/libadmin/cfg/cfgservers.c b/src/libadmin/cfg/cfgservers.c
index 687be725e..86a8f9aa2 100644
--- a/src/libadmin/cfg/cfgservers.c
+++ b/src/libadmin/cfg/cfgservers.c
@@ -1165,38 +1165,28 @@ cfg_UpdateServerStart(void *hostHandle,	/* host config handle */
     /* create and start update server instance */
 
     if (tst == 0) {
-	char argsBuf[AFSDIR_PATH_MAX], *args;
-	size_t argsLen = 0;
+	char *args = NULL;
+	int r;
 
 	if (exportClear != NULL && *exportClear != '\0') {
-	    argsLen += strlen("-clear ") + strlen(exportClear) + 1;
-	}
-	if (exportCrypt != NULL && *exportCrypt != '\0') {
-	    argsLen += strlen("-crypt ") + strlen(exportCrypt) + 1;
-	}
-
-	if (argsLen == 0) {
-	    args = NULL;
-	} else {
-	    if (argsLen <= AFSDIR_PATH_MAX) {
-		args = argsBuf;
+	    if (exportCrypt != NULL && *exportCrypt != '\0') {
+		r = asprintf(&args, "-clear %s -crypt %s",
+			     exportClear, exportCrypt);
 	    } else {
-		args = malloc(argsLen);
+		r = asprintf(&args, "-clear %s", exportClear);
 	    }
-
-	    if (args == NULL) {
-		tst = ADMNOMEM;
+	} else {
+	    if (exportCrypt != NULL && *exportCrypt != '\0') {
+		r = asprintf(&args, "-crypt %s", exportCrypt);
 	    } else {
-		if (exportClear == NULL) {
-		    sprintf(args, "-crypt %s", exportCrypt);
-		} else if (exportCrypt == NULL) {
-		    sprintf(args, "-clear %s", exportClear);
-		} else {
-		    sprintf(args, "-clear %s -crypt %s", exportClear,
-			    exportCrypt);
-		}
+		args = NULL;
+		r = 0;
 	    }
 	}
+	if (r < 0) {
+	    tst = ADMNOMEM;
+	    args = NULL;
+	}
 
 	if (tst == 0) {
 	    if (!SimpleProcessStart
@@ -1204,11 +1194,8 @@ cfg_UpdateServerStart(void *hostHandle,	/* host config handle */
 		 args, &tst2)) {
 		tst = tst2;
 	    }
-
-	    if (args != NULL && args != argsBuf) {
-			free(args);
-	    }
 	}
+	free(args);
     }
 
     if (tst != 0) {
@@ -1424,55 +1411,28 @@ cfg_UpdateClientStart(void *hostHandle,	/* host config handle */
     /* create and start update client instance */
 
     if (tst == 0) {
-	char argsBuf[AFSDIR_PATH_MAX], *args;
-	size_t argsLen = 0;
-
-	argsLen += strlen(upserver) + 1;
-
-	if (crypt) {
-	    argsLen += strlen("-crypt ");
-	} else {
-	    argsLen += strlen("-clear ");
-	}
+	char *args = NULL;
+	int r;
 
-	if (frequency != 0) {
-	    argsLen += strlen("-t ") + 10 /* max uint */  + 1;
-	}
-
-	argsLen += strlen(import) + 1;
-
-	if (argsLen <= AFSDIR_PATH_MAX) {
-	    args = argsBuf;
-	} else {
-	    args = malloc(argsLen);
-	}
+	if (frequency != 0)
+	    r = asprintf(&args, "%s %s -t %u %s", upserver,
+			 crypt ? "-crypt" : "-clear", frequency, import);
+	else
+	    r = asprintf(&args, "%s %s %s", upserver,
+			 crypt ? "-crypt" : "-clear", import);
 
-	if (args == NULL) {
+	if (r < 0) {
 	    tst = ADMNOMEM;
+	    args = NULL;
 	} else {
-	    /* set up argument buffer */
-	    if (crypt) {
-		sprintf(args, "%s -crypt ", upserver);
-	    } else {
-		sprintf(args, "%s -clear ", upserver);
-	    }
-	    if (frequency != 0) {
-		char *strp = args + strlen(args);
-		sprintf(strp, "-t %u ", frequency);
-	    }
-	    strcat(args, import);
-
 	    /* create and start instance */
 	    if (!SimpleProcessStart
 		(cfg_host->bosHandle, upclientInstance, UPCLIENT_EXEPATH,
 		 args, &tst2)) {
 		tst = tst2;
 	    }
-
-	    if (args != argsBuf) {
-			free(args);
-	    }
 	}
+	free(args);
     }
 
     if (tst != 0) {
@@ -1767,26 +1727,18 @@ SimpleProcessStart(void *bosHandle, const char *instance,
 {
     int rc = 1;
     afs_status_t tst2, tst = 0;
-    char cmdBuf[AFSDIR_PATH_MAX], *cmd;
-    size_t cmdLen;
+    char *cmd;
 
-    cmdLen = strlen(executable) + 1 + (args == NULL ? 0 : (strlen(args) + 1));
-
-    if (cmdLen <= AFSDIR_PATH_MAX) {
-	cmd = cmdBuf;
+    if (args == NULL) {
+	cmd = strdup(executable);
     } else {
-	cmd = malloc(cmdLen);
+	if (asprintf(&cmd, "%s %s", executable, args) < 0)
+	    cmd = NULL;
     }
 
     if (cmd == NULL) {
 	tst = ADMNOMEM;
     } else {
-	if (args == NULL) {
-	    strcpy(cmd, executable);
-	} else {
-	    sprintf(cmd, "%s %s", executable, args);
-	}
-
 	if (!bos_ProcessCreate
 	    (bosHandle, (char *)instance, BOS_PROCESS_SIMPLE, cmd, NULL, NULL, &tst2)
 	    && tst2 != BZEXISTS) {
@@ -1798,10 +1750,7 @@ SimpleProcessStart(void *bosHandle, const char *instance,
 	    /* failed to set instance state to running */
 	    tst = tst2;
 	}
-
-	if (cmd != cmdBuf) {
-	    free(cmd);
-	}
+	free(cmd);
     }
 
     if (tst != 0) {
diff --git a/src/ptserver/pts.c b/src/ptserver/pts.c
index bed6516ad..0b7742d70 100644
--- a/src/ptserver/pts.c
+++ b/src/ptserver/pts.c
@@ -1071,9 +1071,12 @@ ListOwned(struct cmd_syndesc *as, void *arock)
 static void
 add_std_args(struct cmd_syndesc *ts)
 {
-    char test_help[AFSDIR_PATH_MAX];
+    char *test_help;
 
-    sprintf(test_help, "use config file in %s", AFSDIR_SERVER_ETC_DIRPATH);
+    if (asprintf(&test_help, "use config file in %s",
+		 AFSDIR_SERVER_ETC_DIRPATH) < 0) {
+	test_help = strdup("use server config file");
+    }
 
     cmd_Seek(ts, 16);
     cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
@@ -1088,6 +1091,7 @@ add_std_args(struct cmd_syndesc *ts)
     cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
 		"encrypt commands");
     cmd_AddParm(ts, "-config", CMD_SINGLE, CMD_OPTIONAL, "config location");
+    free(test_help);
 }
 
 /*
diff --git a/src/update/client.c b/src/update/client.c
index c822d3d23..742c7f9a2 100644
--- a/src/update/client.c
+++ b/src/update/client.c
@@ -507,28 +507,45 @@ update_ReceiveFile(int fd, struct rx_call *call, struct stat *status)
 
 /*
  * PathsAreEquivalent() -- determine if paths are equivalent
+ * Returns 1 if yes, 0 if no, -1 on error.
  */
 static int
 PathsAreEquivalent(char *path1, char *path2)
 {
-    int areEq = 0;
-    char pathNorm1[AFSDIR_PATH_MAX], pathNorm2[AFSDIR_PATH_MAX];
+    int areEq = 0, code;
+    char *pathNorm1, *pathNorm2;
 
 #ifdef AFS_NT40_ENV
     /* case-insensitive comparison of normalized, same-flavor (short) paths */
     DWORD status;
 
+    pathNorm1 = malloc(AFSDIR_PATH_MAX);
+    if (pathNorm1 == NULL)
+	return -1;
     status = GetShortPathName(path1, pathNorm1, AFSDIR_PATH_MAX);
     if (status == 0 || status > AFSDIR_PATH_MAX) {
 	/* can't convert path to short version; just use long version */
-	strcpy(pathNorm1, path1);
+	free(pathNorm1);
+	pathNorm1 = strdup(path1);
+	if (pathNorm1 == NULL)
+	    return -1;
     }
     FilepathNormalize(pathNorm1);
 
+    pathNorm2 = malloc(AFSDIR_PATH_MAX);
+    if (pathNorm2 == NULL) {
+	code = -1;
+	goto out;
+    }
     status = GetShortPathName(path2, pathNorm2, AFSDIR_PATH_MAX);
     if (status == 0 || status > AFSDIR_PATH_MAX) {
 	/* can't convert path to short version; just use long version */
-	strcpy(pathNorm2, path2);
+	free(pathNorm2);
+	pathNorm2 = strdup(path2);
+	if (pathNorm2 == NULL) {
+	    code = -1;
+	    goto out;
+	}
     }
     FilepathNormalize(pathNorm2);
 
@@ -537,17 +554,27 @@ PathsAreEquivalent(char *path1, char *path2)
     }
 #else
     /* case-sensitive comparison of normalized paths */
-    strcpy(pathNorm1, path1);
+    pathNorm1 = strdup(path1);
+    if (pathNorm1 == NULL)
+	return -1;
     FilepathNormalize(pathNorm1);
 
-    strcpy(pathNorm2, path2);
+    pathNorm2 = strdup(path2);
+    if (pathNorm2 == NULL) {
+	code = -1;
+	goto out;
+    }
     FilepathNormalize(pathNorm2);
 
     if (strcmp(pathNorm1, pathNorm2) == 0) {
 	areEq = 1;
     }
 #endif /* AFS_NT40_ENV */
-    return areEq;
+    code = 0;
+out:
+    free(pathNorm1);
+    free(pathNorm2);
+    return (code != 0) ? code : areEq;
 }
 
 
@@ -577,11 +604,12 @@ NotOnHost(char *filename, struct filestr *okhostfiles)
 	    afs_com_err(whoami, rc, "Unable to construct local path");
 	    return -1;
 	}
-	if (PathsAreEquivalent(hostfile, filename)) {
-	    free(hostfile);
-	    return 0;
-	}
+	rc = PathsAreEquivalent(hostfile, filename);
 	free(hostfile);
+	if (rc < 0)
+	    return -1;
+	if (rc)
+	    return 0;
     }
     return 1;
 }
diff --git a/src/update/server.c b/src/update/server.c
index 03f928423..c2985d375 100644
--- a/src/update/server.c
+++ b/src/update/server.c
@@ -62,29 +62,46 @@ update_rxstat_userok(struct rx_call *call)
 
 /*
  * PathInDirectory() -- determine if path is in directory (or is directory)
+ * Returns 1 if yes, 0 if no, -1 on error.
  */
 static int
 PathInDirectory(char *dir, char *path)
 {
-    int inDir = 0;
+    int inDir = 0, code;
     size_t dirLen;
-    char dirNorm[AFSDIR_PATH_MAX], pathNorm[AFSDIR_PATH_MAX];
+    char *dirNorm, *pathNorm;
 
 #ifdef AFS_NT40_ENV
     /* case-insensitive comparison of normalized, same-flavor (short) paths */
     DWORD status;
 
+    dirNorm = malloc(AFSDIR_PATH_MAX);
+    if (dirNorm == NULL)
+	return -1;
     status = GetShortPathName(dir, dirNorm, AFSDIR_PATH_MAX);
     if (status == 0 || status > AFSDIR_PATH_MAX) {
 	/* can't convert path to short version; just use long version */
-	strcpy(dirNorm, dir);
+	free(dirNorm);
+	dirNorm = strdup(dir);
+	if (dirNorm == NULL)
+	    return -1;
     }
     FilepathNormalize(dirNorm);
 
+    pathNorm = malloc(AFSDIR_PATH_MAX);
+    if (pathNorm == NULL) {
+	code = -1;
+	goto out;
+    }
     status = GetShortPathName(path, pathNorm, AFSDIR_PATH_MAX);
     if (status == 0 || status > AFSDIR_PATH_MAX) {
 	/* can't convert path to short version; just use long version */
-	strcpy(pathNorm, path);
+	free(pathNorm);
+	pathNorm = strdup(path);
+	if (pathNorm == NULL) {
+	    code = -1;
+	    goto out;
+	}
     }
     FilepathNormalize(pathNorm);
 
@@ -98,10 +115,16 @@ PathInDirectory(char *dir, char *path)
     }
 #else
     /* case-sensitive comparison of normalized paths */
-    strcpy(dirNorm, dir);
+    dirNorm = strdup(dir);
+    if (dirNorm == NULL)
+	return -1;
     FilepathNormalize(dirNorm);
 
-    strcpy(pathNorm, path);
+    pathNorm = strdup(path);
+    if (pathNorm == NULL) {
+	code = -1;
+	goto out;
+    }
     FilepathNormalize(pathNorm);
 
     dirLen = strlen(dirNorm);
@@ -113,13 +136,17 @@ PathInDirectory(char *dir, char *path)
 	}
     }
 #endif /* AFS_NT40_ENV */
-    return inDir;
+    code = 0;
+out:
+    free(dirNorm);
+    free(pathNorm);
+    return (code != 0) ? code : inDir;
 }
 
 int
 AuthOkay(struct rx_call *call, char *name)
 {
-    int i;
+    int i, r;
     rxkad_level level;
     afs_int32 code;
     int matches;
@@ -137,7 +164,10 @@ AuthOkay(struct rx_call *call, char *name)
 
     matches = 0;
     for (i = 0; i < nDirs; i++) {
-	if (PathInDirectory(dirName[i], name)) {
+	r = PathInDirectory(dirName[i], name);
+	if (r < 0)
+	    return 0;
+	if (r) {
 	    if (dirLevel[i] > level)
 		return 0;
 	    matches++;
diff --git a/src/vol/daemon_com.c b/src/vol/daemon_com.c
index 1ce56c9c7..9b5149a29 100644
--- a/src/vol/daemon_com.c
+++ b/src/vol/daemon_com.c
@@ -81,17 +81,13 @@ static int SYNC_ask_internal(SYNC_client_state * state, SYNC_command * com, SYNC
 void
 SYNC_getAddr(SYNC_endpoint_t * endpoint, SYNC_sockaddr_t * addr)
 {
-#ifdef USE_UNIX_SOCKETS
-    char tbuffer[AFSDIR_PATH_MAX];
-#endif /* USE_UNIX_SOCKETS */
-
     memset(addr, 0, sizeof(*addr));
 
 #ifdef USE_UNIX_SOCKETS
-    strcompose(tbuffer, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH, "/",
-               endpoint->un, (char *)NULL);
     addr->sun_family = AF_UNIX;
-    strncpy(addr->sun_path, tbuffer, (sizeof(struct sockaddr_un) - sizeof(short)));
+    snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s",
+	     AFSDIR_SERVER_LOCAL_DIRPATH, endpoint->un);
+    addr->sun_path[sizeof(addr->sun_path) - 1] = '\0';
 #else  /* !USE_UNIX_SOCKETS */
 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
     addr->sin_len = sizeof(struct sockaddr_in);
diff --git a/src/vol/salvaged.c b/src/vol/salvaged.c
index 5a6947e25..302d27f44 100644
--- a/src/vol/salvaged.c
+++ b/src/vol/salvaged.c
@@ -603,7 +603,7 @@ SalvageServer(int argc, char **argv)
 static int
 DoSalvageVolume(struct SalvageQueueNode * node, int slot)
 {
-    char childLog[AFSDIR_PATH_MAX];
+    char *childLog;
     struct DiskPartition64 * partP;
 
     /* do not allow further forking inside salvager */
@@ -613,13 +613,17 @@ DoSalvageVolume(struct SalvageQueueNode * node, int slot)
      * another thread may have held the lock on the FILE
      * structure when fork was called! */
 
-    snprintf(childLog, sizeof(childLog), "%s.%d",
-	     AFSDIR_SERVER_SLVGLOG_FILEPATH, getpid());
-
-    logFile = afs_fopen(childLog, "a");
-    if (!logFile) {		/* still nothing, use stdout */
+    if (asprintf(&childLog, "%s.%d",
+		 AFSDIR_SERVER_SLVGLOG_FILEPATH, getpid()) < 0) {
 	logFile = stdout;
 	ShowLog = 0;
+    } else {
+	logFile = afs_fopen(childLog, "a");
+	if (!logFile) {		/* still nothing, use stdout */
+	    logFile = stdout;
+	    ShowLog = 0;
+	}
+	free(childLog);
     }
 
     if (node->command.sop.parent <= 0) {
@@ -754,15 +758,15 @@ static int
 SalvageLogCleanup(int pid)
 {
     int pidlog, len;
-    char fn[AFSDIR_PATH_MAX];
+    char *fn;
     static char buf[LOG_XFER_BUF_SIZE];
 
-    snprintf(fn, sizeof(fn), "%s.%d",
-	     AFSDIR_SERVER_SLVGLOG_FILEPATH, pid);
-
+    if (asprintf(&fn, "%s.%d", AFSDIR_SERVER_SLVGLOG_FILEPATH, pid) < 0)
+	return 1;
 
     pidlog = open(fn, O_RDONLY);
     unlink(fn);
+    free(fn);
     if (pidlog < 0)
 	return 1;
 
@@ -794,17 +798,15 @@ static void *
 SalvageLogScanningThread(void * arg)
 {
     struct rx_queue log_watch_queue;
+    char *prefix;
+    int prefix_len;
 
     queue_Init(&log_watch_queue);
 
-    {
+    prefix_len = asprintf(&prefix, "%s.", AFSDIR_SLVGLOG_FILE);
+    if (prefix_len >= 0) {
 	DIR *dp;
 	struct dirent *dirp;
-	char prefix[AFSDIR_PATH_MAX];
-	size_t prefix_len;
-
-	snprintf(prefix, sizeof(prefix), "%s.", AFSDIR_SLVGLOG_FILE);
-	prefix_len = strlen(prefix);
 
 	dp = opendir(AFSDIR_LOGS_DIR);
 	opr_Assert(dp);
@@ -846,7 +848,7 @@ SalvageLogScanningThread(void * arg)
 
 	    queue_Append(&log_watch_queue, cleanup);
 	}
-
+	free(prefix);
 	closedir(dp);
     }
 
diff --git a/src/vol/vol-salvage.c b/src/vol/vol-salvage.c
index f961d9c57..8ad286d4b 100644
--- a/src/vol/vol-salvage.c
+++ b/src/vol/vol-salvage.c
@@ -4832,7 +4832,7 @@ TimeStamp(time_t clock, int precision)
 void
 CheckLogFile(char * log_path)
 {
-    char oldSlvgLog[AFSDIR_PATH_MAX];
+    char *oldSlvgLog;
 
 #ifndef AFS_NT40_ENV
     if (useSyslog) {
@@ -4841,10 +4841,11 @@ CheckLogFile(char * log_path)
     }
 #endif
 
-    strcpy(oldSlvgLog, log_path);
-    strcat(oldSlvgLog, ".old");
     if (!logFile) {
-	rk_rename(log_path, oldSlvgLog);
+	if (asprintf(&oldSlvgLog, "%s.old", log_path) >= 0) {
+	    rk_rename(log_path, oldSlvgLog);
+	    free(oldSlvgLog);
+	}
 	logFile = afs_fopen(log_path, "a");
 
 	if (!logFile) {		/* still nothing, use stdout */
@@ -4861,21 +4862,22 @@ CheckLogFile(char * log_path)
 void
 TimeStampLogFile(char * log_path)
 {
-    char stampSlvgLog[AFSDIR_PATH_MAX];
+    char *stampSlvgLog;
     struct tm *lt;
     time_t now;
 
     now = time(0);
     lt = localtime(&now);
-    snprintf(stampSlvgLog, sizeof stampSlvgLog,
-	     "%s.%04d-%02d-%02d.%02d:%02d:%02d", log_path,
-	     lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour,
-	     lt->tm_min, lt->tm_sec);
-
-    /* try to link the logfile to a timestamped filename */
-    /* if it fails, oh well, nothing we can do */
-    if (link(log_path, stampSlvgLog))
-	; /* oh well */
+    if (asprintf(&stampSlvgLog,
+		 "%s.%04d-%02d-%02d.%02d:%02d:%02d", log_path,
+		 lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour,
+		 lt->tm_min, lt->tm_sec) >= 0) {
+	/* try to link the logfile to a timestamped filename */
+	/* if it fails, oh well, nothing we can do */
+	if (link(log_path, stampSlvgLog))
+	    ; /* oh well */
+	free(stampSlvgLog);
+    }
 }
 #endif
 
@@ -5039,7 +5041,7 @@ int
 nt_SetupPartitionSalvage(void *datap, int len)
 {
     childJob_t *jobp = (childJob_t *) datap;
-    char logname[AFSDIR_PATH_MAX];
+    char *logname;
 
     if (len != sizeof(childJob_t))
 	return -1;
@@ -5048,9 +5050,11 @@ nt_SetupPartitionSalvage(void *datap, int len)
     myjob = *jobp;
 
     /* Open logFile */
-    (void)sprintf(logname, "%s.%d", AFSDIR_SERVER_SLVGLOG_FILEPATH,
-		  myjob.cj_number);
+    if (asprintf(&logname, "%s.%d", AFSDIR_SERVER_SLVGLOG_FILEPATH,
+		 myjob.cj_number) < 0)
+	return -1;
     logFile = afs_fopen(logname, "w");
+    free(logname);
     if (!logFile)
 	logFile = stdout;
 
-- 
2.39.5