--- src/ftpd.c	Sat Jul  1 14:17:39 2000
+++ src/ftpd.c.new	Sat Jul  8 21:48:05 2000
@@ -1662,9 +1662,9 @@
     /* Display s/key challenge where appropriate. */
 
     if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
-	sprintf(buf, "Password required for %s.", name);
+	snprintf(buf, 128, "Password required for %s.", name);
     else
-	sprintf(buf, "%s %s for %s.", sbuf,
+	snprintf(buf, 128, "%s %s for %s.", sbuf,
 		pwok ? "allowed" : "required", name);
     return (buf);
 }
@@ -2572,7 +2572,7 @@
 #ifdef BSD_AUTH
 	if (ext_auth) {
 	    if ((salt = check_auth(the_user, passwd))) {
-		reply(530, salt);
+		reply(530, "%s", salt);
 #ifdef LOG_FAILED		/* 27-Apr-93      EHK/BM          */
 		syslog(LOG_INFO, "failed login from %s",
 		       remoteident);
@@ -6435,7 +6435,7 @@
 	dirlist = ftpglob(whichfiles);
 	sdirlist = dirlist;	/* save to free later */
 	if (globerr != NULL) {
-	    reply(550, globerr);
+	    reply(550, "%s", globerr);
 	    goto globfree;
 	}
 	else if (dirlist == NULL) {
@@ -6486,7 +6486,6 @@
 	    }
 	    goto globfree;
 	}
-	if ((st.st_mode & S_IFMT) != S_IFDIR) {
 	    if (dout == NULL) {
 		dout = dataconn("file list", (off_t) - 1, "w");
 		if (dout == NULL)
@@ -6509,7 +6508,6 @@
 		byte_count_out++;
 	    }
 #endif
-	}
     }
 
     if (dout != NULL) {