diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
index 4c98518e..c848fb83 100644
--- a/src/libopensc/pkcs15-tcos.c
+++ b/src/libopensc/pkcs15-tcos.c
@@ -25,6 +25,7 @@
 #include <stdio.h>
 
 #include "common/compat_strlcpy.h"
+#include "common/compat_strlcat.h"
 #include "internal.h"
 #include "pkcs15.h"
 #include "cardctl.h"
@@ -261,7 +262,8 @@ static char *dirpath(char *dir, const char *path){
 	static char buf[SC_MAX_PATH_STRING_SIZE];
 
 	strcpy(buf,dir);
-	return strcat(buf,path);
+	strlcat(buf,path,sizeof buf);
+	return buf;
 }
 
 static int detect_netkey(
diff --git a/src/tools/cryptoflex-tool.c b/src/tools/cryptoflex-tool.c
index 56113a83..fbc83b77 100644
--- a/src/tools/cryptoflex-tool.c
+++ b/src/tools/cryptoflex-tool.c
@@ -28,6 +28,7 @@
 
 #include "libopensc/pkcs15.h"
 #include "common/compat_strlcpy.h"
+#include "common/compat_strlcat.h"
 #include "util.h"
 
 static const char *app_name = "cryptoflex-tool";
@@ -145,7 +146,7 @@ static int select_app_df(void)
 
 	strcpy(str, "3F00");
 	if (opt_appdf != NULL)
-		strcat(str, opt_appdf);
+		strlcat(str, opt_appdf, sizeof str);
 	sc_format_path(str, &path);
 	r = sc_select_file(card, &path, &file);
 	if (r) {
@@ -945,7 +946,7 @@ static int create_pin(void)
 	}
 	strcpy(buf, "3F00");
 	if (opt_appdf != NULL)
-		strcat(buf, opt_appdf);
+		strlcat(buf, opt_appdf, sizeof buf);
 	sc_format_path(buf, &path);
 
 	return create_pin_file(&path, opt_pin_num, "");
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 55b3996d..0d00c4a4 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -47,6 +47,8 @@
 #include "pkcs11/pkcs11.h"
 #include "pkcs11/pkcs11-opensc.h"
 #include "libopensc/asn1.h"
+#include "common/compat_strlcat.h"
+#include "common/compat_strlcpy.h"
 #include "util.h"
 
 extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
@@ -1145,7 +1147,7 @@ static void init_token(CK_SLOT_ID slot)
 				util_fatal("No PIN entered, exiting\n");
 			if (!new_pin || !*new_pin || strlen(new_pin) > 20)
 				util_fatal("Invalid SO PIN\n");
-			strcpy(new_buf, new_pin);
+			strlcpy(new_buf, new_pin, sizeof new_buf);
 			free(new_pin); new_pin = NULL;
 			printf("Please enter the new SO PIN (again): ");
 			r = util_getpass(&new_pin, &len, stdin);
@@ -1318,7 +1320,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
 		r = util_getpass(&new_pin, &len, stdin);
 		if (r < 0)
 			return 1;
-		strcpy(new_buf, new_pin);
+		strlcpy(new_buf, new_pin, sizeof new_buf);
 
 		printf("Please enter the new PIN again: ");
 		r = util_getpass(&new_pin, &len, stdin);
@@ -4434,8 +4436,8 @@ static const char *p11_flag_names(struct flag_info *list, CK_FLAGS value)
 	buffer[0] = '\0';
 	while (list->value) {
 		if (list->value & value) {
-			strcat(buffer, sepa);
-			strcat(buffer, list->name);
+			strlcat(buffer, sepa, sizeof buffer);
+			strlcat(buffer, list->name, sizeof buffer);
 			value &= ~list->value;
 			sepa = ", ";
 		}