diff --git a/crypto/dist/ipsec-tools/src/racoon/admin.c b/crypto/dist/ipsec-tools/src/racoon/admin.c
index 3d13802963e7e..b56dd2c0ab111 100644
--- a/crypto/dist/ipsec-tools/src/racoon/admin.c
+++ b/crypto/dist/ipsec-tools/src/racoon/admin.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: admin.c,v 1.17.6.2 2008/06/18 07:30:19 mgrooms Exp $	*/
+/*	$NetBSD: admin.c,v 1.17.6.3 2009/04/20 13:32:57 tteras Exp $	*/
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -307,16 +307,18 @@ admin_process(so2, combuf)
 #ifdef ENABLE_HYBRID
 	case ADMIN_LOGOUT_USER: {
 		struct ph1handle *iph1;
-		char *user;
-		int found = 0;
+		char user[LOGINLEN+1];
+		int found = 0, len = com->ac_len - sizeof(com);
 
-		if (com->ac_len > sizeof(com) + LOGINLEN + 1) {
+		if (len > LOGINLEN) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "malformed message (login too long)\n");
 			break;
 		}
 
-		user = (char *)(com + 1);
+		memcpy(user, (char *)(com + 1), len);
+		user[len] = 0;
+
 		found = purgeph1bylogin(user);
 		plog(LLV_INFO, LOCATION, NULL, 
 		    "deleted %d SA for user \"%s\"\n", found, user);
diff --git a/crypto/dist/ipsec-tools/src/racoon/racoonctl.c b/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
index afe954cc4bcd4..1dd26f0d37d82 100644
--- a/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
+++ b/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: racoonctl.c,v 1.7.6.1 2008/07/15 00:55:48 mgrooms Exp $	*/
+/*	$NetBSD: racoonctl.c,v 1.7.6.2 2009/04/20 13:32:57 tteras Exp $	*/
 
 /*	Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */
 
@@ -834,15 +834,17 @@ f_logoutusr(ac, av)
 	vchar_t *buf;
 	struct admin_com *head;
 	char *user;
+	size_t userlen;
 
 	/* need username */
 	if (ac < 1)
 		errx(1, "insufficient arguments");
 	user = av[0];
-	if ((user == NULL) || (strlen(user) > LOGINLEN))
+	userlen = strlen(user);
+	if ((user == NULL) || (userlen > LOGINLEN))
 		errx(1, "bad login (too long?)");
 
-	buf = vmalloc(sizeof(*head) + strlen(user) + 1);
+	buf = vmalloc(sizeof(*head) + userlen);
 	if (buf == NULL)
 		return NULL;
 
@@ -852,7 +854,7 @@ f_logoutusr(ac, av)
 	head->ac_errno = 0;
 	head->ac_proto = 0;
 
-	strncpy((char *)(head + 1), user, LOGINLEN);
+	strncpy((char *)(head + 1), user, userlen);
 
 	return buf;
 }