Index: usr.sbin/makefs/cd9660.c
===================================================================
--- usr.sbin/makefs/cd9660.c
+++ usr.sbin/makefs/cd9660.c
@@ -140,10 +140,11 @@
 static void cd9660_free_structure(cd9660node *);
 static int cd9660_generate_path_table(iso9660_disk *);
 static int cd9660_level1_convert_filename(iso9660_disk *, const char *, char *,
-    int);
+    size_t, int);
 static int cd9660_level2_convert_filename(iso9660_disk *, const char *, char *,
+    size_t, int);
+static int cd9660_convert_filename(iso9660_disk *, const char *, char *, size_t,
     int);
-static int cd9660_convert_filename(iso9660_disk *, const char *, char *, int);
 static void cd9660_populate_dot_records(iso9660_disk *, cd9660node *);
 static int64_t cd9660_compute_offsets(iso9660_disk *, cd9660node *, int64_t);
 #if 0
@@ -222,7 +223,8 @@
 	memset(diskStructure->primaryDescriptor.abstract_file_id, 0x20,37);
 	memset(diskStructure->primaryDescriptor.bibliographic_file_id, 0x20,37);
 
-	strcpy(diskStructure->primaryDescriptor.system_id, "FreeBSD");
+	strlcpy(diskStructure->primaryDescriptor.system_id, "FreeBSD",
+	    sizeof(diskStructure->primaryDescriptor.system_id));
 
 	/* Boot support: Initially disabled */
 	diskStructure->has_generic_bootimage = 0;
@@ -797,7 +799,7 @@
 	memset(temp, 0, ISO_FILENAME_MAXLENGTH_WITH_PADDING);
 
 	(void)cd9660_convert_filename(diskStructure, newnode->node->name,
-	    temp, !(S_ISDIR(newnode->node->type)));
+	    temp, sizeof(temp), !(S_ISDIR(newnode->node->type)));
 
 	flag = ISO_FLAG_CLEAR;
 	if (S_ISDIR(newnode->node->type))
@@ -1100,7 +1102,9 @@
 		while (digits > 0) {
 			digit = (int)(temp / powers);
 			temp = temp - digit * powers;
-			sprintf(&tmp[numbts] , "%d", digit);
+			snprintf(&tmp[numbts],
+			    ISO_FILENAME_MAXLENGTH_WITH_PADDING - numbts,
+			    "%d", digit);
 			digits--;
 			numbts++;
 			powers = powers / 10;
@@ -1566,7 +1570,7 @@
  */
 static int
 cd9660_level1_convert_filename(iso9660_disk *diskStructure, const char *oldname,
-    char *newname, int is_file)
+    char *newname, size_t newnamelen, int is_file)
 {
 	/*
 	 * ISO 9660 : 10.1
@@ -1577,6 +1581,7 @@
 	int namelen = 0;
 	int extlen = 0;
 	int found_ext = 0;
+	char *orignewname = newname;
 
 	while (*oldname != '\0' && extlen < 3) {
 		/* Handle period first, as it is special */
@@ -1613,7 +1618,7 @@
 		if (!found_ext && !diskStructure->omit_trailing_period)
 			*newname++ = '.';
 		/* Add version */
-		sprintf(newname, ";%i", 1);
+		snprintf(newname, newnamelen - (newname - orignewname), ";%i", 1);
 	}
 	return namelen + extlen + found_ext;
 }
@@ -1621,7 +1626,7 @@
 /* XXX bounds checking! */
 static int
 cd9660_level2_convert_filename(iso9660_disk *diskStructure, const char *oldname,
-    char *newname, int is_file)
+    char *newname, size_t newnamelen, int is_file)
 {
 	/*
 	 * ISO 9660 : 7.5.1
@@ -1635,6 +1640,7 @@
 	int namelen = 0;
 	int extlen = 0;
 	int found_ext = 0;
+	char *orignewname = newname;
 
 	while (*oldname != '\0' && namelen + extlen < 30) {
 		/* Handle period first, as it is special */
@@ -1675,7 +1681,7 @@
 		if (!found_ext && !diskStructure->omit_trailing_period)
 			*newname++ = '.';
 		/* Add version */
-		sprintf(newname, ";%i", 1);
+		snprintf(newname, newnamelen - (newname - orignewname), ";%i", 1);
 	}
 	return namelen + extlen + found_ext;
 }
@@ -1690,15 +1696,15 @@
  */
 static int
 cd9660_convert_filename(iso9660_disk *diskStructure, const char *oldname,
-    char *newname, int is_file)
+    char *newname, size_t newnamelen, int is_file)
 {
 	assert(1 <= diskStructure->isoLevel && diskStructure->isoLevel <= 2);
 	if (diskStructure->isoLevel == 1)
 		return(cd9660_level1_convert_filename(diskStructure,
-		    oldname, newname, is_file));
+		    oldname, newname, newnamelen, is_file));
 	else if (diskStructure->isoLevel == 2)
 		return (cd9660_level2_convert_filename(diskStructure,
-		    oldname, newname, is_file));
+		    oldname, newname, newnamelen, is_file));
 	abort();
 }
 
@@ -1910,7 +1916,7 @@
 	temp->isoDirRecord = emalloc(sizeof(*temp->isoDirRecord));
 
 	cd9660_convert_filename(diskStructure, tfsnode->name,
-	    temp->isoDirRecord->name, file);
+	    temp->isoDirRecord->name, sizeof(temp->isoDirRecord->name), file);
 
 	temp->node = tfsnode;
 	temp->parent = parent;