Index: usr.sbin/tzsetup/tzsetup.c
===================================================================
--- usr.sbin/tzsetup/tzsetup.c
+++ usr.sbin/tzsetup/tzsetup.c
@@ -943,20 +943,27 @@
 		usage();
 
 	if (chrootenv == NULL) {
-		strcpy(path_zonetab, _PATH_ZONETAB);
-		strcpy(path_iso3166, _PATH_ISO3166);
-		strcpy(path_zoneinfo, _PATH_ZONEINFO);
-		strcpy(path_localtime, _PATH_LOCALTIME);
-		strcpy(path_db, _PATH_DB);
-		strcpy(path_wall_cmos_clock, _PATH_WALL_CMOS_CLOCK);
+		strlcpy(path_zonetab, _PATH_ZONETAB, sizeof(path_zonetab));
+		strlcpy(path_iso3166, _PATH_ISO3166, sizeof(path_iso3166));
+		strlcpy(path_zoneinfo, _PATH_ZONEINFO, sizeof(path_zoneinfo));
+		strlcpy(path_localtime, _PATH_LOCALTIME,
+		    sizeof(path_localtime));
+		strlcpy(path_db, _PATH_DB, sizeof(path_db));
+		strlcpy(path_wall_cmos_clock, _PATH_WALL_CMOS_CLOCK,
+		    sizeof(path_wall_cmos_clock));
 	} else {
-		sprintf(path_zonetab, "%s/%s", chrootenv, _PATH_ZONETAB);
-		sprintf(path_iso3166, "%s/%s", chrootenv, _PATH_ISO3166);
-		sprintf(path_zoneinfo, "%s/%s", chrootenv, _PATH_ZONEINFO);
-		sprintf(path_localtime, "%s/%s", chrootenv, _PATH_LOCALTIME);
-		sprintf(path_db, "%s/%s", chrootenv, _PATH_DB);
-		sprintf(path_wall_cmos_clock, "%s/%s", chrootenv,
-		    _PATH_WALL_CMOS_CLOCK);
+		snprintf(path_zonetab, sizeof(path_zonetab), "%s/%s",
+		    chrootenv, _PATH_ZONETAB);
+		snprintf(path_iso3166, sizeof(path_iso3166), "%s/%s",
+		    chrootenv, _PATH_ISO3166);
+		snprintf(path_zoneinfo, sizeof(path_zoneinfo), "%s/%s",
+		    chrootenv, _PATH_ZONEINFO);
+		snprintf(path_localtime, sizeof(path_localtime), "%s/%s",
+		    chrootenv, _PATH_LOCALTIME);
+		snprintf(path_db, sizeof(path_db), "%s/%s",
+		    chrootenv, _PATH_DB);
+		snprintf(path_wall_cmos_clock, sizeof(path_wall_cmos_clock),
+		    "%s/%s", chrootenv, _PATH_WALL_CMOS_CLOCK);
 	}
 
 	/* Override the user-supplied umask. */