diff --git a/telnet/telnet.c b/telnet/telnet.c
index fe2bd716..90527968 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -990,17 +990,18 @@ suboption (void)
 	  unsigned char temp[50], *dp;
 	  int len;
 
-	  if ((dp = env_getvalue ("DISPLAY")) == NULL)
+	  if ((dp = env_getvalue ("DISPLAY")) == NULL ||
+		strlen(dp) > sizeof(temp) - 7)
 	    {
 	      /*
 	       * Something happened, we no longer have a DISPLAY
-	       * variable.  So, turn off the option.
+	       * variable.  Or it is too long.  So, turn off the option.
 	       */
 	      send_wont (TELOPT_XDISPLOC, 1);
 	      break;
 	    }
-	  sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
-		   TELQUAL_IS, dp, IAC, SE);
+	  snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
+		   TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE);
 	  len = strlen ((char *) temp + 4) + 4;	/* temp[3] is 0 ... */
 
 	  if (len < NETROOM ())