diff -up gnutls-2.10.3/src/serv.c.sprintf gnutls-2.10.3/src/serv.c
--- gnutls-2.10.3/src/serv.c.sprintf	2010-11-01 13:18:24.000000000 +0100
+++ gnutls-2.10.3/src/serv.c	2010-12-02 15:13:12.000000000 +0100
@@ -438,7 +438,7 @@ static const char DEFAULT_DATA[] =
 
 /* Creates html with the current session information.
  */
-#define tmp2 &http_buffer[strlen(http_buffer)]
+#define tmp2 &http_buffer[strlen(http_buffer)], len-strlen(http_buffer)
 static char *
 peer_print_info (gnutls_session_t session, int *ret_length,
 		 const char *header)
@@ -448,7 +448,7 @@ peer_print_info (gnutls_session_t sessio
   size_t i, sesid_size;
   char *http_buffer;
   gnutls_kx_algorithm_t kx_alg;
-  size_t len = 5 * 1024 + strlen (header);
+  size_t len = 20 * 1024 + strlen (header);
   char *crtinfo = NULL;
   size_t ncrtinfo = 0;
 
@@ -512,11 +512,11 @@ peer_print_info (gnutls_session_t sessio
 
   /* print session_id */
   gnutls_session_get_id (session, sesid, &sesid_size);
-  sprintf (tmp2, "\n<p>Session ID: <i>");
+  snprintf (tmp2, "\n<p>Session ID: <i>");
   for (i = 0; i < sesid_size; i++)
-    sprintf (tmp2, "%.2X", sesid[i]);
-  sprintf (tmp2, "</i></p>\n");
-  sprintf (tmp2,
+    snprintf (tmp2, "%.2X", sesid[i]);
+  snprintf (tmp2, "</i></p>\n");
+  snprintf (tmp2,
 	   "<h5>If your browser supports session resuming, then you should see the "
 	   "same session ID, when you press the <b>reload</b> button.</h5>\n");
 
@@ -530,7 +530,7 @@ peer_print_info (gnutls_session_t sessio
 
     if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
       {
-	sprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns);
+	snprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns);
       }
 
   }
@@ -541,7 +541,7 @@ peer_print_info (gnutls_session_t sessio
 #ifdef ENABLE_SRP
   if (kx_alg == GNUTLS_KX_SRP)
     {
-      sprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
+      snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
 	       gnutls_srp_server_get_username (session));
     }
 #endif
@@ -549,7 +549,7 @@ peer_print_info (gnutls_session_t sessio
 #ifdef ENABLE_PSK
   if (kx_alg == GNUTLS_KX_PSK)
     {
-      sprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
+      snprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
 	       gnutls_psk_server_get_username (session));
     }
 #endif
@@ -557,7 +557,7 @@ peer_print_info (gnutls_session_t sessio
 #ifdef ENABLE_ANON
   if (kx_alg == GNUTLS_KX_ANON_DH)
     {
-      sprintf (tmp2,
+      snprintf (tmp2,
 	       "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
 	       gnutls_dh_get_prime_bits (session));
     }
@@ -565,7 +565,7 @@ peer_print_info (gnutls_session_t sessio
 
   if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS)
     {
-      sprintf (tmp2,
+      snprintf (tmp2,
 	       "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
 	       gnutls_dh_get_prime_bits (session));
     }
@@ -576,7 +576,7 @@ peer_print_info (gnutls_session_t sessio
   tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2,
+  snprintf (tmp2,
 	   "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
 	   tmp);
 
@@ -587,50 +587,44 @@ peer_print_info (gnutls_session_t sessio
 					  (session));
       if (tmp == NULL)
 	tmp = str_unknown;
-      sprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp);
+      snprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp);
     }
 
   tmp = gnutls_kx_get_name (kx_alg);
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2, "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp);
+  snprintf (tmp2, "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp);
 
   tmp = gnutls_compression_get_name (gnutls_compression_get (session));
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2, "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp);
+  snprintf (tmp2, "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp);
 
   tmp = gnutls_cipher_get_name (gnutls_cipher_get (session));
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2, "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp);
+  snprintf (tmp2, "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp);
 
   tmp = gnutls_mac_get_name (gnutls_mac_get (session));
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp);
+  snprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp);
 
   tmp = gnutls_cipher_suite_get_name (kx_alg,
 				      gnutls_cipher_get (session),
 				      gnutls_mac_get (session));
   if (tmp == NULL)
     tmp = str_unknown;
-  sprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
+  snprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
 	   tmp);
 
   if (crtinfo)
     {
-      strcat (http_buffer, "<hr><PRE>");
-      strcat (http_buffer, crtinfo);
-      strcat (http_buffer, "\n</PRE>\n");
+      snprintf(tmp2, "<hr><PRE>%s\n</PRE>\n", crtinfo);
       free (crtinfo);
     }
 
-  strcat (http_buffer, "<hr><P>Your HTTP header was:<PRE>");
-  strcat (http_buffer, header);
-  strcat (http_buffer, "</PRE></P>");
-
-  strcat (http_buffer, "\n" HTTP_END);
+  snprintf(tmp2, "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END, header);
 
   *ret_length = strlen (http_buffer);