Here's a small round of fixes for buffer overflows. They are related to
the recent security announcement, namely that the make_string()
function doesn't check the size of the buffer. The solution is mainly
based on the patch proposed by Martin Pitt at that time, namely to pass
the size of the buffer, but I'm leaning more in favor of dynamically
allocating buffers rather than using fixed-size arrays, so I used that
approach where possible.
Please inspect. If no one objects I'll install this patch in a few
days.