diff --git a/src/ftpcmd.c b/src/ftpcmd.c
index b318711..34686a4 100644
--- a/src/ftpcmd.c
+++ b/src/ftpcmd.c
@@ -441,7 +441,7 @@ static void handle_PORT(ctrl_t *ctrl, char *str)
 
 	/* Convert PORT command's argument to IP address + port */
 	sscanf(str, "%d,%d,%d,%d,%d,%d", &a, &b, &c, &d, &e, &f);
-	sprintf(addr, "%d.%d.%d.%d", a, b, c, d);
+	snprintf(addr, sizeof(addr), "%d.%d.%d.%d", a, b, c, d);
 
 	/* Check IPv4 address using inet_aton(), throw away converted result */
 	if (!inet_aton(addr, &(sin.sin_addr))) {