Index: src/sys/dev/raidframe/rf_disks.c
===================================================================
--- src/sys/dev/raidframe/rf_disks.c 8 Dec 2019 12:14:40 -0000 1.92
+++ src/sys/dev/raidframe/rf_disks.c 7 Aug 2022 00:33:03 -0000
@@ -124,11 +124,16 @@ rf_ConfigureDisks(RF_ShutdownList_t **li
 disks = raidPtr->Disks;
+for (c = 0; c < raidPtr->numCol; c++) {
+printf("%s:%d XXXMRG vp = %p\n", __func__, __LINE__, raidPtr->raid_cinfo[c].ci_vp);
+}
 numFailuresThisRow = 0;
 for (c = 0; c < raidPtr->numCol; c++) {
+printf("%s:%d XXXMRG calling rf_ConfigureDisk(name=%s)\n", __func__, __LINE__, cfgPtr->devnames[0][c]);
 ret = rf_ConfigureDisk(raidPtr, &cfgPtr->devnames[0][c][0], &disks[c], c);
+printf("%s:%d XXXMRG rf_ConfigureDisk(name=%s) ret=%d\n", __func__, __LINE__, cfgPtr->devnames[0][c], ret);
 if (ret) goto fail;
@@ -577,12 +582,13 @@ rf_ConfigureDisk(RF_Raid_t *raidPtr, cha
 struct vnode *vp;
 int error;
- p = rf_find_non_white(bf);
- if (p[strlen(p) - 1] == '\n') {
+ p = rf_find_non_white(bf, sizeof(diskPtr->devname));
+ if (p[strnlen(p, sizeof(diskPtr->devname)) - 1] == '\n') {
 /* strip off the newline */
- p[strlen(p) - 1] = '\0';
+ p[strnlen(p, sizeof(diskPtr->devname)) - 1] = '\0';
 }
- (void) strcpy(diskPtr->devname, p);
+ strncpy(diskPtr->devname, p, sizeof(diskPtr->devname));
+ diskPtr->devname[sizeof(diskPtr->devname) - 1] = '\0';
 /* Let's start by claiming the component is fine and well... */
 diskPtr->status = rf_ds_optimal;
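Review bot: The three `XXXMRG` printf lines added in rf_ConfigureDisks() are unconditional debug output, and the first prints `raidPtr->raid_cinfo[c].ci_vp` with `%p`, so every configuration writes kernel vnode addresses to the console and message buffer. The two `XXXMRG` printfs added to rf_UnconfigureVnodes() in rf_netbsdkintf.c do the same. They should be removed before commit or placed under a debug-only conditional; if the component name is worth logging, keep only `cfgPtr->devnames[0][c]` and `ret`. The function body starts and ends outside the hunk.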
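Review bot: `p[strnlen(p, sizeof(diskPtr->devname)) - 1]` still indexes `p[-1]` when the name is empty or all blanks, because strnlen() returns 0 and the subtraction wraps; the old strlen() form had the same problem and the hunk carries it over. The bound is also the size of the destination `diskPtr->devname` rather than of the source buffer `bf`, and it is not reduced by the bytes rf_find_non_white() skipped, so it is only correct if both arrays have the same size and `p == bf` (the declarations are outside the hunk). Computing the length once and guarding it covers both, for example `len = strnlen(p, bfsize - (p - bf)); if (len > 0 && p[len - 1] == '\n') p[len - 1] = '\0';` where `bfsize` stands for the size of the caller's name buffer. `strlcpy(diskPtr->devname, p, sizeof(diskPtr->devname));` would then replace the strncpy-plus-terminator pair.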
@@ -607,7 +613,7 @@ rf_ConfigureDisk(RF_Raid_t *raidPtr, cha
 error = vn_bdev_openpath(pb, &vp, curlwp);
 pathbuf_destroy(pb);
 if (error) {
- printf("open device: %s failed!\n", diskPtr->devname);
+ printf("open device: '%s' failed: %d\n", diskPtr->devname, error);
 if (error == ENXIO) {
 /* the component isn't there... must be dead :-( */
 diskPtr->status = rf_ds_failed;
Index: src/sys/dev/raidframe/rf_driver.c
===================================================================
--- src/sys/dev/raidframe/rf_driver.c 23 Jul 2021 02:35:14 -0000 1.139
+++ src/sys/dev/raidframe/rf_driver.c 7 Aug 2022 00:33:03 -0000
@@ -889,10 +889,10 @@ rf_ConfigureDebug(RF_Config_t *cfgPtr)
 rf_ResetDebugOptions();
 for (i = 0; i < RF_MAXDBGV && cfgPtr->debugVars[i][0]; i++) {
- name_p = rf_find_non_white(&cfgPtr->debugVars[i][0]);
- white_p = rf_find_white(name_p); /* skip to start of 2nd
- * word */
- val_p = rf_find_non_white(white_p);
+ name_p = rf_find_non_white(&cfgPtr->debugVars[i][0], sizeof(cfgPtr->debugVars[0]));
+ /* skip to start of 2nd * word */
+ white_p = rf_find_white(name_p, sizeof(cfgPtr->debugVars[0]) - (name_p - &cfgPtr->debugVars[i][0]));
+ val_p = rf_find_non_white(white_p, sizeof(cfgPtr->debugVars[0]) - (white_p - &cfgPtr->debugVars[i][0]));
 if (*val_p == '0' && *(val_p + 1) == 'x') val = rf_htoi(val_p + 2);
 else
Index: src/sys/dev/raidframe/rf_netbsdkintf.c
===================================================================
--- src/sys/dev/raidframe/rf_netbsdkintf.c 16 Apr 2022 16:40:54 -0000 1.407
+++ src/sys/dev/raidframe/rf_netbsdkintf.c 7 Aug 2022 00:33:03 -0000
@@ -1240,7 +1240,7 @@ rf_getConfiguration(struct raid_softc *r
 int
 rf_construct(struct raid_softc *rs, RF_Config_t *k_cfg)
 {
- int retcode;
+ int retcode, i;
 RF_Raid_t *raidPtr = &rs->sc_r;
 rs->sc_flags &= ~RAIDF_SHUTDOWN;
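Review bot: When rf_find_white() or rf_find_non_white() stops because `len` ran out, the pointer it returns is one past the end of `cfgPtr->debugVars[i]`, and the unchanged lines below then read `*val_p` and `*(val_p + 1)` and pass `val_p + 2` to rf_htoi() with no bound. As written this stays in bounds only because rf_construct() now forces a NUL into the last byte of every debugVars entry; any path that reaches rf_ConfigureDebug() without that step would not be covered (whether one exists is not visible here). A check before the dereference, such as `if (val_p >= &cfgPtr->debugVars[i][0] + sizeof(cfgPtr->debugVars[0])) continue;`, would make the function safe on its own; the loop body continues outside the hunk, so the right exit may differ. The moved comment also kept its continuation asterisk and now reads `/* skip to start of 2nd * word */`; it should be `/* skip to start of 2nd word */`.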
@@ -1251,6 +1251,33 @@ rf_construct(struct raid_softc *rs, RF_C
 /* should do some kind of sanity check on the configuration. * Store the sum of all the bytes in the last byte? */
+ /* Force nul-termination on all strings. */
+#define ZERO_FINAL(s) do { s[sizeof(s) - 1] = '\0'; } while (0)
+ for (i = 0; i < RF_MAXCOL; i++) {
+ ZERO_FINAL(k_cfg->devnames[0][j]);
+ }
+ for (i = 0; i < RF_MAXSPARE; i++) {
+ ZERO_FINAL(k_cfg->spare_names[i]);
+ }
+ for (i = 0; i < RF_MAXDBGV; i++) {
+ ZERO_FINAL(k_cfg->debugVars[i]);
+ }
+#undef ZERO_FINAL
+
+ /* Check some basic limits. */
+#if 0
+ if (k_cfg->numCol >= RF_MAXCOL) {
+ printf("%s: invalid numCol %d\n", rs->sc_xname, numCol);
+ retcode = EINVAL;
+ goto out;
+ }
+ if (k_cfg->numSpare >= RF_MAXSPARE) {
+ printf("%s: invalid numSpare %d\n", rs->sc_xname, numSpare);
+ retcode = EINVAL;
+ goto out;
+ }
+#endif
+
+ /* configure the system */
 /*
@@ -2702,6 +2729,7 @@ rf_UnconfigureVnodes(RF_Raid_t *raidPtr)
 for (c = 0; c < raidPtr->numCol; c++) {
 vp = raidPtr->raid_cinfo[c].ci_vp;
+printf("%s:%d XXXMRG got cinfo[%d] vp=%p\n", __func__, __LINE__, c, vp);
 acd = raidPtr->Disks[c].auto_configured;
 rf_close_component(raidPtr, vp, acd);
 raidPtr->raid_cinfo[c].ci_vp = NULL;
@@ -2710,6 +2738,7 @@ rf_UnconfigureVnodes(RF_Raid_t *raidPtr)
 for (r = 0; r < raidPtr->numSpare; r++) {
 vp = raidPtr->raid_cinfo[raidPtr->numCol + r].ci_vp;
+printf("%s:%d XXXMRG got spare cinfo[%d] vp=%p\n", __func__, __LINE__, c, vp);
 acd = raidPtr->Disks[raidPtr->numCol + r].auto_configured;
 rf_close_component(raidPtr, vp, acd);
 raidPtr->raid_cinfo[raidPtr->numCol + r].ci_vp = NULL;
Index: src/sys/dev/raidframe/rf_strutils.c
===================================================================
--- src/sys/dev/raidframe/rf_strutils.c 13 Nov 2001 07:11:17 -0000 1.4
+++ src/sys/dev/raidframe/rf_strutils.c 7 Aug 2022 00:33:03 -0000
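Review bot: `ZERO_FINAL(k_cfg->devnames[0][j])` uses `j`, but the loop counter is `i` and the only declaration this patch adds to rf_construct() is `int retcode, i;`, so unless `j` is declared elsewhere in the function this does not compile; it should read `ZERO_FINAL(k_cfg->devnames[0][i]);`. The limit checks sit under `#if 0`, so a `numCol` or `numSpare` larger than the arrays is still accepted, while the loops in rf_ConfigureDisks() and rf_UnconfigureVnodes() run up to `raidPtr->numCol` and `raidPtr->numSpare`, which presumably derive from this configuration. Before the block is enabled, the printfs need `k_cfg->numCol` and `k_cfg->numSpare` instead of the bare `numCol` and `numSpare`, and the comparison probably wants `>` rather than `>=` if exactly RF_MAXCOL columns is a legal layout (the array declarations are outside the diff). The `out` label the block jumps to is not visible in the hunk either.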
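Review bot: The printf added to the spare loop in rf_UnconfigureVnodes() prints `c`, but this loop's index is `r`; once the column loop above has finished, `c` no longer changes, so every spare is reported with the same index. If the line is kept at all, it should print the slot actually being closed, `raidPtr->numCol + r`, which matches the `raid_cinfo[raidPtr->numCol + r]` access on the line before it.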
@@ -44,15 +44,16 @@ __KERNEL_RCSID(0, "$NetBSD: rf_strutils.
 /* finds a non-white character in the line */
 char *
-rf_find_non_white(char *p)
+rf_find_non_white(char *p, size_t len)
 {
- for (; *p != '\0' && (*p == ' ' || *p == '\t'); p++);
+ for (; len > 0 && *p != '\0' && (*p == ' ' || *p == '\t'); p++, len--);
 return (p);
 }
+
 /* finds a white character in the line */
 char *
-rf_find_white(char *p)
+rf_find_white(char *p, size_t len)
 {
- for (; *p != '\0' && (*p != ' ' && *p != '\t'); p++);
+ for (; len > 0 && *p != '\0' && (*p != ' ' && *p != '\t'); p++, len--);
 return (p);
 }
Index: src/sys/dev/raidframe/rf_utils.h
===================================================================
--- src/sys/dev/raidframe/rf_utils.h 4 Oct 2001 15:58:56 -0000 1.5
+++ src/sys/dev/raidframe/rf_utils.h 7 Aug 2022 00:33:03 -0000
@@ -40,8 +40,8 @@
 #include "rf_alloclist.h"
 #include "rf_threadstuff.h"
-char *rf_find_non_white(char *p);
-char *rf_find_white(char *p);
+char *rf_find_non_white(char *p, size_t len);
+char *rf_find_white(char *p, size_t len);
 RF_RowCol_t **rf_make_2d_array(int b, int k, RF_AllocListElem_t * allocList);
 RF_RowCol_t *rf_make_1d_array(int c, RF_AllocListElem_t * allocList);
 void rf_free_2d_array(RF_RowCol_t ** a, int b, int k);
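Review bot: The comments above rf_find_non_white() and rf_find_white() still describe the one-argument versions and say nothing about `len` or about what is returned when the bound is reached. The result can now be `p + len`, one past the region the caller described, and the callers in rf_disks.c and rf_driver.c dereference the return value, so the contract should be written down. For rf_find_non_white() something like `/* Skip blanks in at most len bytes at p; returns p + len if the bound is hit first, in which case the result must not be dereferenced. */` would do, with matching wording for rf_find_white().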