diff -ru mpg123.orig/files/patch-httpget.c mpg123/files/patch-httpget.c
--- mpg123.orig/files/patch-httpget.c Sun Oct 24 19:25:52 2004
+++ mpg123/files/patch-httpget.c Sun Oct 24 23:24:40 2004
@@ -1,6 +1,6 @@
---- httpget.c.orig 2003-11-13 18:34:37.000000000 +0000
-+++ httpget.c 2003-11-13 18:35:10.000000000 +0000
-@@ -55,11 +55,10 @@ void readstring (char *string, int maxle
+--- httpget.c.orig Sun Oct 24 19:33:47 2004
++++ httpget.c Sun Oct 24 19:34:18 2004
+@@ -55,11 +55,10 @@
 #endif
 int pos = 0;
@@ -13,7 +13,7 @@
 break;
 }
 }
-@@ -68,6 +67,7 @@ void readstring (char *string, int maxle
+@@ -68,6 +67,7 @@
 exit(1);
 }
 }
@@ -21,3 +21,32 @@
 #if 0
 do {
 result = fgets(string, maxlen, f);
+@@ -126,7 +126,13 @@
+ if( url[i] == '/' )
+ return 0;
+ }
+- strncpy(auth,url,pos-url);
++
++ /* cut up the string to prevent scary BOF */
++ if (pos-url > 255)
++ strncpy(auth,url,255);
++ else
++ strncpy(auth,url,pos-url);
++
+ auth[pos-url] = 0;
+ strcpy(url,pos+1);
+ return 1;
+@@ -292,11 +298,11 @@
+ }
+ strcat (request, sptr);
+ }
+- sprintf (request + strlen(request),
++ snprintf (request + strlen(request), linelength - strlen(request),
+ " HTTP/1.0\r\nUser-Agent: %s/%s\r\n",
+ prgName, prgVersion);
+ if (host) {
+- sprintf(request + strlen(request),
++ snprintf(request + strlen(request), linelength - strlen(request),
+ "Host: %s:%s\r\n", host, myport);
+ #if 0
+ free (host);
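Review bot: The length check added in the `@@ -126,7 +126,13 @@` inner hunk clamps only the `strncpy`, while the context line right after it, `auth[pos-url] = 0;`, still indexes with the unclamped length, so a userinfo part longer than 255 bytes still causes a NUL write beyond the bytes just copied. Clamp once and use the same value for both, e.g. `size_t n = pos - url; if (n > 255) n = 255;` followed by `strncpy(auth, url, n); auth[n] = 0;`, or return 0 for an over-long field rather than silently truncating credentials. The 255 is hard-coded and the size of `auth` is not visible here (the enclosing function starts and ends outside the hunk), so the bound should be confirmed against the caller's buffer. In the `@@ -292,11 +298,11 @@` inner hunk, `linelength - strlen(request)` presumably is unsigned arithmetic and would wrap to a very large bound if the unbounded `strcat (request, sptr)` just above has already filled the buffer; compute the remaining space once and bail out when it is zero.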