Index: head/libexec/tftpd/tftp-file.c
===================================================================
--- head/libexec/tftpd/tftp-file.c
+++ head/libexec/tftpd/tftp-file.c
@@ -36,6 +36,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -80,7 +81,8 @@
 if (buffer[i] == '\n') {
 if (n == 0) {
 if (ftell(file) != 0) {
- fseek(file, -1, SEEK_END);
+ int r = fseek(file, -1, SEEK_END);
+ assert(r == 0);
 convbuffer[n++] = '\n';
 } else {
 /* This shouldn't happen */
Index: head/libexec/tftpd/tftp-io.c
===================================================================
--- head/libexec/tftpd/tftp-io.c
+++ head/libexec/tftpd/tftp-io.c
@@ -36,6 +36,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -395,7 +396,7 @@
 struct sockaddr_storage *pfrom;
 socklen_t fromlen;
 int n;
- static int waiting;
+ static int timed_out;
 if (debug&DEBUG_PACKETS)
 tftp_log(LOG_DEBUG,
@@ -403,23 +404,16 @@
 pkt = (struct tftphdr *)data;
- waiting = 0;
 signal(SIGALRM, timeout);
- setjmp(timeoutbuf);
+ timed_out = setjmp(timeoutbuf);
 alarm(thistimeout);
- if (waiting > 0) {
- alarm(0);
- return (RP_TIMEOUT);
- }
-
- if (waiting > 0) {
+ if (timed_out != 0) {
 tftp_log(LOG_ERR, "receive_packet: timeout");
 alarm(0);
 return (RP_TIMEOUT);
 }
- waiting++;
 pfrom = (from == NULL) ? &from_local : from;
 fromlen = sizeof(*pfrom);
 n = recvfrom(peer, data, size, 0, (struct sockaddr *)pfrom, &fromlen);
@@ -432,8 +426,6 @@
 tftp_log(LOG_ERR, "receive_packet: timeout");
 return (RP_TIMEOUT);
 }
-
- alarm(0);
 if (n < 0) {
 /* No idea what could have happened if it isn't a timeout */
Index: head/libexec/tftpd/tftp-utils.c
===================================================================
--- head/libexec/tftpd/tftp-utils.c
+++ head/libexec/tftpd/tftp-utils.c
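Review bot: The new `assert(r == 0)` after `fseek(file, -1, SEEK_END)` in the second tftp-file.c hunk turns a runtime I/O failure into a process abort, or into no check at all (plus an unused `r`) when the build defines NDEBUG. A failed seek is an environmental error rather than a broken invariant, so it should be handled explicitly, for example `if (fseek(file, -1, SEEK_END) != 0) tftp_log(LOG_ERR, "fseek failed");` followed by the enclosing function's normal error return. That function starts and ends outside the hunk, so its return convention and whether `tftp_log` is declared in this file need confirming.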
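Review bot: `timed_out = setjmp(timeoutbuf);` in the tftp-io.c hunk at -403 assigns the result of setjmp to a variable, which is not one of the contexts the C standard allows for a setjmp call (whole controlling expression of a selection or iteration statement, optionally compared with an integer constant or negated, or an expression statement), so the behaviour is undefined. Testing it directly, `if (setjmp(timeoutbuf) != 0) {`, keeps the intended fix and makes the `static int timed_out` declared in the hunk at -395 unnecessary. With that form `alarm(thistimeout);` should move below the timeout branch so the timer is armed only on the initial return; as written it is re-armed on the timeout path before `alarm(0)` cancels it. The function body starts and ends outside these hunks, and the handler `timeout` is not shown.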
@@ -270,11 +270,13 @@
 rp_strerror(int error)
 {
 static char s[100];
+ size_t space = sizeof(s);
 int i = 0;
 while (rp_errors[i].desc != NULL) {
 if (rp_errors[i].error == error) {
- strcpy(s, rp_errors[i].desc);
+ strlcpy(s, rp_errors[i].desc, space);
+ space -= strlen(rp_errors[i].desc);
 }
 i++;
 }
Index: head/libexec/tftpd/tftpd.c
===================================================================
--- head/libexec/tftpd/tftpd.c
+++ head/libexec/tftpd/tftpd.c
@@ -374,7 +374,10 @@
 exit(1);
 }
 chdir("/");
- setgroups(1, &nobody->pw_gid);
+ if (setgroups(1, &nobody->pw_gid) != 0) {
+ tftp_log(LOG_ERR, "setgroups failed");
+ exit(1);
+ }
 if (setuid(nobody->pw_uid) != 0) {
 tftp_log(LOG_ERR, "setuid failed");
 exit(1);
@@ -522,7 +525,7 @@
 cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 size -= (cp - recvbuffer) + 1;
- strcpy(fnbuf, filename);
+ strlcpy(fnbuf, filename, sizeof(fnbuf));
 reduce_path(fnbuf);
 filename = fnbuf;
@@ -567,7 +570,7 @@
 cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 size -= (cp - recvbuffer) + 1;
- strcpy(fnbuf, filename);
+ strlcpy(fnbuf, filename, sizeof(fnbuf));
 reduce_path(fnbuf);
 filename = fnbuf;
@@ -804,6 +807,7 @@
 time_t now;
 struct tftp_stats ts;
+ memset(&ts, 0, sizeof(ts));
 now = time(NULL);
 if (debug&DEBUG_SIMPLE)
 tftp_log(LOG_DEBUG, "Transmitting file");
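Review bot: The `space` counter added to rp_strerror is decremented after every `strlcpy(s, rp_errors[i].desc, space)`, but each copy starts at `s[0]`, so the whole of `sizeof(s)` is available every time and the subtraction only shrinks the bound for a later matching entry. Because `space` is a `size_t`, a description longer than the remaining space makes `space -= strlen(...)` wrap to a very large value, and a later match in the same loop would then copy with effectively no bound. Dropping the variable and writing `strlcpy(s, rp_errors[i].desc, sizeof(s));` gives the protection the change is after. The end of the function is outside the hunk.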
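Review bot: `chdir("/")` on the context line directly above the new setgroups check is still unchecked, so the privilege-drop sequence can continue with a working directory other than the intended one. It deserves the same treatment as the other calls, `if (chdir("/") != 0) { tftp_log(LOG_ERR, "chdir failed"); exit(1); }`. The hunk also shows no `setgid` call between setgroups and setuid; whether the real and saved group IDs are dropped depends on code outside the hunk and on the platform's setgroups semantics, so that should be confirmed. The enclosing function starts and ends outside the hunk.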
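Review bot: `strlcpy(fnbuf, filename, sizeof(fnbuf))` in the hunk at -522 silently truncates a filename that does not fit, and the truncated string then goes through `reduce_path` and becomes the request's filename, so the server may act on a different path than the one the peer named (the name appears to come from the received packet via `parse_header`). Check the return value and refuse the request instead, e.g. `if (strlcpy(fnbuf, filename, sizeof(fnbuf)) >= sizeof(fnbuf)) { tftp_log(LOG_ERR, "filename too long"); exit(1); }`, ideally after sending the peer an error reply if the surrounding code has a helper for that. The identical change in the hunk at -567 needs the same check. `sizeof(fnbuf)` is the right bound only if `fnbuf` is an array; its declaration is outside both hunks.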