Index: kaffeine/src/player-parts/http.c
===================================================================
--- kaffeine/src/player-parts/http.c	(revision 521094)
+++ kaffeine/src/player-parts/http.c	(working copy)
@@ -308,7 +308,7 @@ static http_t *http_open (const char *mr
 
   http_t   *this;
   char     *proxy;
-  int       done,len,linenum;
+  int       done,len,linenum,buflen;
   char      mime_type[BUFSIZE+1];
 
   this = malloc (sizeof (http_t));
@@ -362,13 +362,13 @@ static http_t *http_open (const char *mr
   {
     char buf[256];
 
-    sprintf (buf, "http: opening >/%s< on host >%s<",
+    snprintf (buf, sizeof(buf), "http: opening >/%s< on host >%s<",
 	     this->filename, this->host);
 
     if (proxy != NULL)
-      sprintf(buf, "%s via proxy >%s<", buf, this->proxyhost);
+      snprintf(buf, sizeof(buf), "%s via proxy >%s<", buf, this->proxyhost);
 
-    sprintf(buf, "%s\n", buf);
+    snprintf(buf, sizeof(buf), "%s\n", buf);
 
     printf (buf);
   }
@@ -389,35 +389,42 @@ static http_t *http_open (const char *mr
 
   if (proxy != NULL)
     if (this->port != DEFAULT_HTTP_PORT)
-      sprintf (this->buf, "GET http://%s:%d/%s HTTP/1.0\015\012",
-	       this->host, this->port, this->filename);
+      snprintf (this->buf, BUFSIZE, "GET http://%s:%d/%s HTTP/1.0\015\012",
+	        this->host, this->port, this->filename);
     else
-      sprintf (this->buf, "GET http://%s/%s HTTP/1.0\015\012",
-	       this->host, this->filename);
+      snprintf (this->buf, BUFSIZE, "GET http://%s/%s HTTP/1.0\015\012",
+	        this->host, this->filename);
   else
-    sprintf (this->buf, "GET /%s HTTP/1.0\015\012", this->filename);
+    snprintf (this->buf, BUFSIZE, "GET /%s HTTP/1.0\015\012", this->filename);
 
+  buflen = strlen(this->buf);
   if (this->port != DEFAULT_HTTP_PORT)
-    sprintf (this->buf + strlen(this->buf), "Host: %s:%d\015\012",
-	     this->host, this->port);
+    snprintf (this->buf + buflen, BUFSIZE - buflen, "Host: %s:%d\015\012",
+	      this->host, this->port);
   else
-    sprintf (this->buf + strlen(this->buf), "Host: %s\015\012",
-	     this->host);
+    snprintf (this->buf + buflen, BUFSIZE - buflen, "Host: %s\015\012",
+	      this->host);
 
-  if (this->proxyuser != NULL)
-    sprintf (this->buf + strlen(this->buf), "Proxy-Authorization: Basic %s\015\012",
-	     this->proxyauth);
+  buflen = strlen(this->buf);
+  if (this->proxyuser != NULL) {
+    snprintf (this->buf + buflen, BUFSIZE - buflen, "Proxy-Authorization: Basic %s\015\012",
+	      this->proxyauth);
+    buflen = strlen(this->buf);
+  }
 
-  if (this->user != NULL)
-    sprintf (this->buf + strlen(this->buf), "Authorization: Basic %s\015\012",
-	     this->auth);
+  if (this->user != NULL) {
+    snprintf (this->buf + buflen, BUFSIZE - buflen, "Authorization: Basic %s\015\012",
+	      this->auth);
+    buflen = strlen(this->buf);
+  }
 
-  sprintf (this->buf + strlen(this->buf), "User-Agent: xine/%s\015\012",
+  snprintf (this->buf + buflen, BUFSIZE - buflen, "User-Agent: xine/%s\015\012",
 	   VERSION);
 
-  strcat (this->buf, "Accept: */*\015\012");
-
-  strcat (this->buf, "\015\012");
+  buflen = strlen(this->buf);
+  snprintf (this->buf + buflen, BUFSIZE - buflen, "Accept: */*\015\012");
+  buflen = strlen(this->buf);
+  snprintf (this->buf + buflen, BUFSIZE - buflen, "\015\012");
 
   if (write (this->fh, this->buf, strlen(this->buf)) != (ssize_t)strlen(this->buf)) {
     free (this);