--- FiSH.c	2008-02-16 00:38:24.000000000 +0100
+++ FiSH.c	2010-06-14 21:16:35.000000000 +0200
@@ -144,7 +144,8 @@
 		}
 	}
 
-	strcpy(msg_bak, bf_dest);	// copy decrypted message back (overwriting the base64 cipher text)
+	strncpy(msg_bak, bf_dest, msg_len);	// copy decrypted message back (overwriting the base64 cipher text)
+	msg_bak[msg_len-1] = '\0';
 	ZeroMemory(bf_dest, sizeof(bf_dest));
 
 	return 1;