--- smtpclient_main.c.orig	Tue Feb 24 11:49:07 2004
+++ smtpclient_main.c	Tue Feb 24 12:47:11 2004
@@ -86,7 +86,7 @@ void log(char *str, ...)
     char buf[1024];
 
     va_start(ap, str);
-    vsprintf(buf, str, ap);
+    vsnprintf(buf, 1024, str, ap);
     if (usesyslog)
         syslog(LOG_ERR, "SMTPclient: %s", buf);
     else
@@ -395,16 +395,16 @@ int main(int argc, char **argv)
         log("%s: unknown host\n", my_name);
         exit(1);
     }
-    strcpy(my_name, hp->h_name);
+    strlcpy(my_name, hp->h_name, sizeof(my_name));
 
     /*
      *  Determine from address.
      */
     if (from_addr == NULL) {
         if ((pwd = getpwuid(getuid())) == 0) {
-            sprintf(buf, "userid-%d@%s", getuid(), my_name);
+            snprintf(buf, (sizeof(buf) - 1), "userid-%d@%s", getuid(), my_name);
         } else {
-            sprintf(buf, "%s@%s", pwd->pw_name, my_name);
+            snprintf(buf, (sizeof(buf) - 1), "%s@%s", pwd->pw_name, my_name);
         }
         from_addr = strdup(buf);
     }
@@ -453,8 +453,20 @@ int main(int argc, char **argv)
     chat("MAIL FROM: <%s>\r\n", from_addr);
     for (i = optind; i < argc; i++)
         chat("RCPT TO: <%s>\r\n", argv[i]);
-    if (cc_addr)
-        chat("RCPT TO: <%s>\r\n", cc_addr);
+    if (cc_addr) {
+    	char *cc_tmp,*p;
+	if(!(cc_tmp=malloc(strlen(cc_addr+1)))) {
+	    log("memory allocation failed.");
+	    exit(1);
+	}
+	strcpy(cc_tmp,cc_addr);
+	p=strtok(cc_tmp,",");
+	while(p) {
+	    chat("RCPT TO: <%s>\r\n", p);
+	    p=strtok(NULL,",");
+	}
+	free(cc_tmp);
+    }
     chat("DATA\r\n");
 
     /*