diff -r -u thttpd-2.20b.orig/extras/htpasswd.c thttpd-2.20b/extras/htpasswd.c
--- thttpd-2.20b.orig/extras/htpasswd.c Thu May 28 21:23:48 1998
+++ thttpd-2.20b/extras/htpasswd.c Sun Dec 16 15:10:22 2001
@@ -154,9 +154,10 @@
 char l[MAX_STRING_LEN];
 char w[MAX_STRING_LEN];
 char command[MAX_STRING_LEN];
+ char t[]="/tmp/htpXXXXXX";
 int found;
- tn = NULL;
+ tn = t;
 signal(SIGINT,(void (*)(int))interrupted);
 if(argc == 4) {
 if(strcmp(argv[1],"-c"))
@@ -173,8 +174,7 @@
 exit(0);
 } else if(argc != 3) usage();
- tn = tmpnam(NULL);
- if(!(tfp = fopen(tn,"w"))) {
+ if(!(tfp = fdopen(mkstemp(t),"w"))) {
 fprintf(stderr,"Could not open temp file.\n");
 exit(1);
 }
diff -r -u thttpd-2.20b.orig/libhttpd.c thttpd-2.20b/libhttpd.c
--- thttpd-2.20b.orig/libhttpd.c Wed Sep 27 18:13:24 2000
+++ thttpd-2.20b/libhttpd.c Sun Dec 16 15:13:23 2001
@@ -884,8 +884,10 @@
 }
 /* Decode it. */
+ memset(authinfo, 0, sizeof(authinfo));
 l = b64_decode( &(hc->authorization[6]), authinfo, sizeof(authinfo) );
- authinfo[l] = '\0';
+ authinfo[sizeof(authinfo)-1] = '\0';
+ /* Split into user and password. */
 authpass = strchr( authinfo, ':' );
 if ( authpass == (char*) 0 )
@@ -999,7 +1001,7 @@
 (void) my_snprintf( location, maxlocation, "%s/", hc->encodedurl );
 httpd_realloc_str(
- &header, &maxheader, sizeof(headstr) + strlen( location ) );
+ &header, &maxheader, sizeof(headstr) + strlen( location ) + 2);
 (void) my_snprintf( header, maxheader, "%s%s\r\n", headstr, location );
 send_response( hc, 302, err302title, header, err302form, location );
@@ -3554,7 +3556,7 @@
 cp1 += 2;
 for ( cp2 = cp1; *cp2 != '/' && *cp2 != ':' && *cp2 != '\0'; ++cp2 ) continue;
- httpd_realloc_str( &refhost, &refhost_size, cp2 - cp1 );
+ httpd_realloc_str( &refhost, &refhost_size, cp2 - cp1 + 1);
 for ( cp3 = refhost; cp1 < cp2; ++cp1, ++cp3 ) if ( isupper(*cp1) ) *cp3 = tolower(*cp1);
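Review bot: In the htpasswd.c declarations hunk, `tn = t;` makes `tn` non-NULL before any temporary file exists, so until `mkstemp()` runs in the next hunk it points at the unfilled template `/tmp/htpXXXXXX`. The `interrupted` handler installed on the following line is not visible here; if it removes `tn` on SIGINT, as the old `tn = NULL;` initialisation suggests, an early signal would act on that literal path rather than on a file this process created. Keep `tn = NULL;` at this point and assign `tn = t;` only after `mkstemp()` has succeeded. The enclosing function starts and ends outside the hunk.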
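Review bot: `fdopen(mkstemp(t),"w")` folds two failures into one test: a failed `mkstemp()` is caught only because `fdopen()` rejects the -1 descriptor, and when `fdopen()` itself fails the descriptor stays open and the file just created is left behind in /tmp. Checking the descriptor first also lets the error say why creation failed. The sketch below needs an `int fd;` next to the other locals in the first hunk and assumes `close()` and `unlink()` are already declared in this file; the enclosing function continues outside the hunk.

```c
    fd = mkstemp(t);
    if(fd < 0) {
        perror("mkstemp");
        exit(1);
    }
    if(!(tfp = fdopen(fd,"w"))) {
        fprintf(stderr,"Could not open temp file.\n");
        close(fd);
        unlink(t);
        exit(1);
    }
```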
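Review bot: Terminating at `authinfo[sizeof(authinfo)-1]` silently overwrites the last decoded byte whenever `b64_decode()` fills the whole buffer, so an over-long Authorization value is truncated and still goes on to the user/password split below instead of being rejected; `l` is also no longer used after the call. Assuming the third argument is the maximum number of bytes written (`b64_decode()` is not visible here), bounding the decode keeps the termination exact and makes the `memset` unnecessary: `l = b64_decode( &(hc->authorization[6]), authinfo, sizeof(authinfo) - 1 );` followed by the original `authinfo[l] = '\0';`. The enclosing function starts and ends outside the hunk.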
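Review bot: The `+ 2` added to the `httpd_realloc_str()` size is an unexplained constant; it matches the `\r\n` appended by the `my_snprintf( header, maxheader, "%s%s\r\n", ... )` call that follows, and a comment should say so, e.g. `/* +2: room for the trailing "\r\n" in the format below */`. The same applies to the `+ 1` added to the `refhost` allocation in the last hunk, which presumably reserves the terminating NUL written outside that hunk. Both sizes depend on how `httpd_realloc_str()` treats its size argument and, here, on `headstr` being an array rather than a pointer; neither is visible in the diff. The `(void)` cast also discards the result of `my_snprintf()`, so a truncated Location header would go unnoticed if the arithmetic is ever wrong again.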
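Review bot: The copy loop in the context lines of the `refhost` hunk passes a plain `char` to `isupper()` and `tolower()`; where `char` is signed, a byte above 0x7f in the host string becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. The string appears to come from the request, though its source is outside the hunk. While this allocation is being corrected, cast at both call sites: `if ( isupper( (unsigned char) *cp1 ) )` and `*cp3 = tolower( (unsigned char) *cp1 );`. The loop body and the enclosing function continue outside the hunk.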