Index: Map.c
===================================================================
--- Map.c	(revision 15885)
+++ Map.c	(working copy)
@@ -228,13 +228,12 @@
   // specific has priority
   //
   if (Specific != NULL) {
-    NewSpecific = AllocateZeroPool(StrSize(Specific) + sizeof(CHAR16));
+    NewSpecific = AllocateCopyPool(StrSize(Specific) + sizeof(CHAR16), Specific);
     if (NewSpecific == NULL){
       return FALSE;
     }
-    StrCpy(NewSpecific, Specific);
     if (NewSpecific[StrLen(NewSpecific)-1] != L':') {
-      StrCat(NewSpecific, L":");
+      StrnCat(NewSpecific, L":", 2);
     }
 
     if (SearchList(MapList, NewSpecific, NULL, TRUE, FALSE, L";")) {
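Review bot: `AllocateCopyPool(StrSize(Specific) + sizeof(CHAR16), Specific)` copies the whole allocation size out of `Specific`, so it reads one CHAR16 past the source string's terminator; the `NewSName` hunks at -877 and -930 use the same call shape. The slot reserved for the colon is also no longer zero but holds whatever followed the source in memory, which only the later `StrnCat` happens to overwrite. Keeping the zeroed allocation and bounding the copy to the source avoids both: `NewSpecific = AllocateZeroPool(StrSize(Specific) + sizeof(CHAR16));` and, after the NULL check, `CopyMem(NewSpecific, Specific, StrSize(Specific));`. The enclosing function starts and ends outside the hunk.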
@@ -877,13 +876,12 @@
   EFI_STATUS                      Status;
   CHAR16                          *NewSName;
   
-  NewSName = AllocateZeroPool(StrSize(SName) + sizeof(CHAR16));
+  NewSName = AllocateCopyPool(StrSize(SName) + sizeof(CHAR16), SName);
   if (NewSName == NULL) {
     return (SHELL_OUT_OF_RESOURCES);
   }
-  StrCpy(NewSName, SName);
   if (NewSName[StrLen(NewSName)-1] != L':') {
-    StrCat(NewSName, L":");
+    StrnCat(NewSName, L":", 2);
   }
 
   if (!IsNumberLetterOnly(NewSName, StrLen(NewSName)-1)) {
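Review bot: `NewSName[StrLen(NewSName)-1]` indexes with a wrapped UINTN when `SName` is an empty string, which reads outside the allocation, and the same `StrLen(NewSName)-1` is then passed to `IsNumberLetterOnly` as a length. The hunks at -228 and -930 index the copied string the same way. Whether callers can pass an empty name is not visible here, so this may already be excluded upstream; if it is not, a guard before the allocation would cover it, e.g. `if (SName == NULL || *SName == CHAR_NULL) { return (SHELL_INVALID_PARAMETER); }`. The function body extends beyond the hunk on both sides.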
@@ -930,13 +928,12 @@
   EFI_STATUS                Status;
   CHAR16                    *NewSName;
   
-  NewSName = AllocateZeroPool(StrSize(SName) + sizeof(CHAR16));
+  NewSName = AllocateCopyPool(StrSize(SName) + sizeof(CHAR16), SName);
   if (NewSName == NULL) {
     return (SHELL_OUT_OF_RESOURCES);
   }
-  StrCpy(NewSName, SName);
   if (NewSName[StrLen(NewSName)-1] != L':') {
-    StrCat(NewSName, L":");
+    StrnCat(NewSName, L":", 2);
   }
 
   if (!IsNumberLetterOnly(NewSName, StrLen(NewSName)-1)) {
Index: Rm.c
===================================================================
--- Rm.c	(revision 15885)
+++ Rm.c	(working copy)
@@ -77,6 +77,7 @@
   EFI_STATUS            Status;
   SHELL_PROMPT_RESPONSE *Resp;
   CHAR16                *TempName;
+  UINTN                 NewSize;
 
   Resp                  = NULL;
   ShellStatus           = SHELL_SUCCESS;
@@ -125,13 +126,14 @@
           //
           // Update the node filename to have full path with file system identifier
           //
-          TempName = AllocateZeroPool(StrSize(Node->FullName) + StrSize(Node2->FullName));
+          NewSize = StrSize(Node->FullName) + StrSize(Node2->FullName);
+          TempName = AllocateZeroPool(NewSize);
           if (TempName == NULL) {
             ShellStatus = SHELL_OUT_OF_RESOURCES;
           } else {
-            StrCpy(TempName, Node->FullName);
+            StrnCpy(TempName, Node->FullName, NewSize/sizeof(CHAR16) -1);
             TempName[StrStr(TempName, L":")+1-TempName] = CHAR_NULL;
-            StrCat(TempName, Node2->FullName);
+            StrnCat(TempName, Node2->FullName, NewSize/sizeof(CHAR16) -1 - StrLen(TempName));
             FreePool((VOID*)Node2->FullName);
             Node2->FullName = TempName;
 
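Review bot: `TempName[StrStr(TempName, L":")+1-TempName] = CHAR_NULL;` uses the result of `StrStr` without checking it, so a `Node->FullName` that contains no `:` turns the NULL return into an arbitrary index and the write lands outside `TempName`. The bounded `StrnCpy`/`StrnCat` added here do not cover that store. Whether every `FullName` reaching this branch carries a file system identifier cannot be seen from the hunk; if that is not guaranteed, hold the result in a local (`Colon = StrStr(TempName, L":");`), free `TempName` and set an error `ShellStatus` when it is NULL, and otherwise truncate with `Colon[1] = CHAR_NULL;`. A one-line comment stating that `NewSize/sizeof(CHAR16) - 1` is the buffer capacity in characters excluding the terminator would also make the two length arguments easier to audit. The enclosing loop and function continue outside the hunk.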
