--- curl-7.12.1/lib/http_ntlm.c.over 2004-07-04 23:54:49.000000000 +0200
+++ curl-7.12.1/lib/http_ntlm.c 2005-03-24 14:31:31.380070472 +0100
@@ -103,7 +103,6 @@
 header++;
 if(checkprefix("NTLM", header)) {
- unsigned char buffer[256];
 header += strlen("NTLM");
 while(*header && isspace((int)*header))
@@ -123,7 +122,9 @@
 (40) Target Information (optional) security buffer(*) 32 (48) start of data block */
-
+ unsigned char *buffer = (unsigned char *)malloc(strlen(header));
+ if (buffer == NULL)
+ return CURLNTLM_BAD;
 size_t size = Curl_base64_decode(header, (char *)buffer);
 ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
@@ -133,7 +134,7 @@
 memcpy(ntlm->nonce, &buffer[24], 8);
 /* at index decimal 20, there's a 32bit NTLM flag field */
-
+ free(buffer);
 } else {
 if(ntlm->state >= NTLMSTATE_TYPE1)
--- curl-7.12.1/lib/krb4.c.over 2004-06-26 12:58:57.000000000 +0200
+++ curl-7.12.1/lib/krb4.c 2005-03-24 14:45:33.137103952 +0100
@@ -210,6 +210,7 @@
 int l = sizeof(conn->local_addr);
 struct SessionHandle *data = conn->data;
 CURLcode result;
+ unsigned char *adatabuffer;
 if(getsockname(conn->sock[FIRSTSOCKET], (struct sockaddr *)LOCAL_ADDR, &l) < 0)
@@ -275,7 +276,15 @@
 return AUTH_ERROR;
 }
 p += 5;
- len = Curl_base64_decode(p, (char *)adat.dat);
+ adatabuffer = (unsigned char *)malloc(strlen(p)+1);
+ if (adatabuffer == NULL){
+ Curl_failf(data, "Failed to decode base64 from server");
+ return AUTH_ERROR;
+ }
+ len = Curl_base64_decode(p, adatabuffer);
+ strncpy(adat.dat,adatabuffer, MAX_KTXT_LEN-1);
+ adat.dat[MAX_KTXT_LEN-1] = 0;
+ free(adatabuffer);
 if(len < 0) {
 Curl_failf(data, "Failed to decode base64 from server");
 return AUTH_ERROR;
@@ -321,6 +330,7 @@
 ssize_t nread;
 int save;
 CURLcode result;
+ unsigned char *tktbuffer;
 save = Curl_set_command_prot(conn, prot_private);
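Review bot: In the `@@ -123,7 +122,9 @@` hunk of http_ntlm.c the heap buffer is sized as exactly `strlen(header)` and that capacity is never passed to `Curl_base64_decode`, so the fix holds only if the decoder never writes more bytes than the input is long. The decoder is not shown here, so that should be confirmed for short or malformed input (fewer than four characters, stray padding). The krb4.c hunks in this patch allocate `strlen(p)+1`; the two sizes should agree, and a comment such as `/* decoded output is never longer than the base64 input */` would state the invariant being relied on. The `memcpy(ntlm->nonce, &buffer[24], 8)` in the next hunk is only safe when `size` covers index 31; any such check would sit in the lines between the two hunks, which are not visible. The added `if`/`return` also leaves `size_t size` declared after a statement, which C89 compilers reject, so the declaration of `buffer` should be separated from its assignment.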
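Review bot: In the `@@ -275,7 +276,15 @@` hunk of krb4.c, `strncpy(adat.dat,adatabuffer, MAX_KTXT_LEN-1)` treats the decoded data as a C string, but base64 output is binary: the copy stops at the first zero byte, and if the data has none it can read past the end of the `strlen(p)+1` allocation unless the decoder terminates its output. `len` is left unclamped, so it may still exceed `MAX_KTXT_LEN` if later code uses it as the length (that code is outside the hunk), and the copy runs before the existing `len < 0` check. Rejecting oversized results and copying exactly `len` bytes, as below, avoids all three. The `@@ -346,7 +356,16 @@` hunk has the same copy into `tkt.dat`. The enclosing function starts and ends outside the hunk.

```c
len = Curl_base64_decode(p, (char *)adatabuffer);
if(len > MAX_KTXT_LEN) {
  /* decoded data would not fit in adat.dat */
  free(adatabuffer);
  Curl_failf(data, "Failed to decode base64 from server");
  return AUTH_ERROR;
}
if(len > 0)
  memcpy(adat.dat, adatabuffer, len);
free(adatabuffer);
/* … unchanged: if(len < 0) error path … */
```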
@@ -346,7 +356,16 @@
 }
 p += 2;
- tmp = Curl_base64_decode(p, (char *)tkt.dat);
+ tktbuffer = (unsigned char *)malloc(strlen(p)+1)
+ if (tktbuffer == NULL){
+ Curl_failf(conn->data, "Failed to decode base64 in reply.\n");
+ Curl_set_command_prot(conn, save);
+ return CURLE_FTP_WEIRD_SERVER_REPLY;
+ }
+ tmp = Curl_base64_decode(p, tktbuffer);
+ strcpy(tkt.dat,tktbuffer, MAX_KTXT_LEN-1);
+ tkt.dat[MAX_KTXT_LEN-1] = 0;
+ free(tktbuffer);
 if(tmp < 0) {
 Curl_failf(conn->data, "Failed to decode base64 in reply.\n");
 Curl_set_command_prot(conn, save);
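Review bot: Two of the added lines do not compile: the `malloc` line has no terminating semicolon, and `strcpy(tkt.dat,tktbuffer, MAX_KTXT_LEN-1)` passes three arguments to a two-argument function. `strncpy` was presumably intended, but decoded ticket data is binary and should not go through a string copy; after `tktbuffer = (unsigned char *)malloc(strlen(p)+1);` the code should reject `tmp > MAX_KTXT_LEN` and then use `memcpy(tkt.dat, tktbuffer, tmp);`. As written the copy also runs before the existing `if(tmp < 0)` check. The allocation-failure branch reuses the decode-failure message, which hides an out-of-memory condition from anyone reading the log. The enclosing function continues outside the hunk.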