diff -NrU5 libxml-1.8.17.original/nanoftp.c libxml-1.8.17/nanoftp.c
--- libxml-1.8.17.original/nanoftp.c	2009-08-13 20:09:55.000000000 +0000
+++ libxml-1.8.17/nanoftp.c	2009-08-13 20:11:39.000000000 +0000
@@ -219,24 +219,24 @@
         xmlFree(ctxt->path);
 	ctxt->path = NULL;
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < 4090)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
 	    index = 0;
             cur += 3;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) return;
+    if ((*cur == 0) || (index >= 4090)) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < 4090) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
 	    index = 0;
 	    cur += 1;
@@ -256,16 +256,16 @@
 	    index = 0;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) 
+    if ((*cur == 0) || (index >= 4090))
         ctxt->path = xmlMemStrdup("/");
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < 4090))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
     }	
 }
@@ -299,26 +299,26 @@
     if (ctxt->protocol == NULL)
 	return(-1);
     if (ctxt->hostname == NULL)
 	return(-1);
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < 4090)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->protocol, buf))
 		return(-1);
 	    index = 0;
             cur += 3;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0)
+    if ((*cur == 0) || (index >= 4090))
 	return(-1);
 
     buf[index] = 0;
-    while (1) {
+    while (index < 4090) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->hostname, buf))
 		return(-1);
 	    index = 0;
@@ -346,16 +346,16 @@
     if (ctxt->path != NULL) {
 	xmlFree(ctxt->path);
 	ctxt->path = NULL;
     }
 
-    if (*cur == 0) 
+    if ((*cur == 0) || (index >= 4090))
         ctxt->path = xmlMemStrdup("/");
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < 4090))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
     }	
     return(0);
@@ -391,23 +391,23 @@
     else
 	printf("Using FTP proxy %s\n", URL);
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < 4090)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
             cur += 3;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) return;
+    if ((*cur == 0) || (index >= 4090)) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < 4090) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    proxy = xmlMemStrdup(buf);
 	    index = 0;
 	    cur += 1;
@@ -825,10 +825,14 @@
 	hp = gethostbyname(proxy);
     else
 	hp = gethostbyname(ctxt->hostname);
     if (hp == NULL)
         return(-1);
+    if (hp->h_length >
+        sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
+        return(-1);
+    }
 
     /*
      * Prepare the socket
      */
     memset(&ctxt->ftpAddr, 0, sizeof(ctxt->ftpAddr));
diff -NrU5 libxml-1.8.17.original/nanohttp.c libxml-1.8.17/nanohttp.c
--- libxml-1.8.17.original/nanohttp.c	2009-08-13 20:09:55.000000000 +0000
+++ libxml-1.8.17/nanohttp.c	2009-08-13 20:11:39.000000000 +0000
@@ -175,24 +175,24 @@
         xmlFree(ctxt->path);
 	ctxt->path = NULL;
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) || (index < 4090)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
 	    index = 0;
             cur += 3;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) return;
+    if ((*cur == 0) || (index >= 4090)) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < 4090) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
 	    index = 0;
 	    cur += 1;
@@ -212,16 +212,16 @@
 	    index = 0;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) 
+    if ((*cur == 0) || (index >= 4090))
         ctxt->path = xmlMemStrdup("/");
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < 4090))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
     }	
 }
@@ -256,23 +256,23 @@
     else
 	printf("Using HTTP proxy %s\n", URL);
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < 4090)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
             cur += 3;
 	    break;
 	}
 	buf[index++] = *cur++;
     }
-    if (*cur == 0) return;
+    if ((*cur == 0) || (index >= 4090)) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < 4090) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    proxy = xmlMemStrdup(buf);
 	    index = 0;
 	    cur += 1;