diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 8dc4de0080..10197e27c0 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -376,6 +376,7 @@ dirserv_dump_directory_to_string(char *s, int maxlen,
 
   for (i = 0; i < n_descriptors; ++i) {
     strncat(cp, descriptor_list[i]->descriptor, descriptor_list[i]->desc_len);
+    /* XXX Nick: do strncat and friends null-terminate? man page is ambiguous. */
     cp += descriptor_list[i]->desc_len;
     assert(!*cp);
   }
@@ -400,6 +401,7 @@ dirserv_dump_directory_to_string(char *s, int maxlen,
       ((int)digest[2])&0xff,((int)digest[3])&0xff);
 
   strncpy(cp, "-----BEGIN SIGNATURE-----\n", maxlen-i);
+  cp[maxlen-i-1] = 0;
 
   i = strlen(s);
   cp = s+i;
diff --git a/src/or/dns.c b/src/or/dns.c
index 269e3dcff1..0cf437afef 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -100,6 +100,7 @@ uint32_t dns_lookup(const char *address) {
   }
 
   strncpy(search.address, address, MAX_ADDRESSLEN);
+  search.address[MAX_ADDRESSLEN-1] = 0;
   resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
   if(resolve) { /* it's there */
     if(resolve->state == CACHE_STATE_VALID) {
@@ -118,7 +119,7 @@ uint32_t dns_lookup(const char *address) {
 }
 #endif
 
-/* See if we have an addr for 'exitconn->address'. if so,
+/* See if we have a cache entry for 'exitconn->address'. if so,
  * if resolve valid, put it into exitconn->addr and return 1.
  * If resolve failed, return -1.
  *
@@ -140,6 +141,7 @@ int dns_resolve(connection_t *exitconn) {
 
   /* now check the tree to see if 'address' is already there. */
   strncpy(search.address, exitconn->address, MAX_ADDRESSLEN);
+  search.address[MAX_ADDRESSLEN-1] = 0;
   resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
   if(resolve) { /* already there */
     switch(resolve->state) {
@@ -167,6 +169,7 @@ int dns_resolve(connection_t *exitconn) {
   resolve->state = CACHE_STATE_PENDING;
   resolve->expire = now + MAX_DNS_ENTRY_AGE;
   strncpy(resolve->address, exitconn->address, MAX_ADDRESSLEN);
+  resolve->address[MAX_ADDRESSLEN-1] = 0;
 
   /* add us to the pending list */
   pending_connection = tor_malloc(sizeof(struct pending_connection_t));
@@ -226,6 +229,7 @@ void dns_cancel_pending_resolve(char *address, connection_t *onlyconn) {
   struct cached_resolve *resolve, *tmp;
 
   strncpy(search.address, address, MAX_ADDRESSLEN);
+  search.address[MAX_ADDRESSLEN-1] = 0;
 
   resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
   if(!resolve) {
@@ -299,6 +303,7 @@ static void dns_found_answer(char *address, uint32_t addr) {
   struct cached_resolve *resolve;
 
   strncpy(search.address, address, MAX_ADDRESSLEN);
+  search.address[MAX_ADDRESSLEN-1] = 0;
 
   resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
   if(!resolve) {