diff --git a/chntpw-080526-get_abs_path.patch b/chntpw-080526-get_abs_path.patch
new file mode 100644
index 0000000..4a754cd
--- /dev/null
+++ b/chntpw-080526-get_abs_path.patch
@@ -0,0 +1,29 @@
+diff -ur chntpw-080526/ntreg.c chntpw-080526.get_abs_path/ntreg.c
+--- chntpw-080526/ntreg.c 2009-06-08 14:32:00.000000000 +0100
++++ chntpw-080526.get_abs_path/ntreg.c 2009-06-08 14:30:08.000000000 +0100
+@@ -1193,7 +1193,7 @@
+ {
+ /* int newnkofs; */
+ struct nk_key *key;
+- char tmp[ABSPATHLEN+1];
++ char tmp[ABSPATHLEN];
+
+ maxlen = (maxlen < ABSPATHLEN ? maxlen : ABSPATHLEN);
+
+@@ -1209,6 +1209,7 @@
+ }
+
+ strncpy(tmp,path,ABSPATHLEN-1);
++ tmp[ABSPATHLEN-1] = '\0';
+
+ if ( (strlen(path) + key->len_name) >= maxlen-6) {
+ snprintf(path,maxlen,"(...)%s",tmp);
+@@ -1216,7 +1217,7 @@
+ }
+ *path = '\\';
+ memcpy(path+1,key->keyname,key->len_name);
+- strncpy(path+key->len_name+1,tmp,maxlen);
++ strcpy(path+key->len_name+1,tmp);
+ return(get_abs_path(hdesc, key->ofs_parent+0x1004, path, maxlen)); /* go back one more */
+ }
+
diff --git a/chntpw-080526-keyname-overflow.patch b/chntpw-080526-keyname-overflow.patch
new file mode 100644
index 0000000..345a4cf
--- /dev/null
+++ b/chntpw-080526-keyname-overflow.patch
@@ -0,0 +1,22 @@
+diff -ur chntpw-080526/ntreg.c chntpw-080526.keyname/ntreg.c
+--- chntpw-080526/ntreg.c 2008-05-26 20:59:44.000000000 +0100
++++ chntpw-080526.keyname/ntreg.c 2009-06-08 12:00:00.000000000 +0100
+@@ -2607,7 +2607,6 @@
+ int count = 0;
+ int countri = 0;
+ int len, byte;
+- char keyname[128];
+ char path[1024];
+ char *value;
+ struct nk_key *key;
+@@ -2626,10 +2625,6 @@
+
+ // get the key
+ key = (struct nk_key *)(hdesc->buffer + nkofs);
+- strncpy(keyname, key->keyname, key->len_name);
+- keyname[key->len_name] = '\0';
+- printf("Exporting key '%s' with %d subkeys and %d values...\n",
+- keyname, key->no_subkeys, key->no_values);
+
+ *path = 0;
+ get_abs_path(hdesc, nkofs, path, 1024);
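Review bot: In chntpw-080526-get_abs_path.patch, the third hunk swaps the mis-bounded `strncpy(path+key->len_name+1,tmp,maxlen)` for an unbounded `strcpy`, so the only thing keeping the write inside `path` is the `strlen(path) + key->len_name >= maxlen-6` guard a few lines earlier. That guard uses `key->len_name` as read from the hive; if the field is a signed type (its declaration is not visible here), a small negative value would appear to pass the comparison and then reach `memcpy` as a very large length. I would reject `key->len_name < 0` before the guard and keep the copy bounded, e.g. `snprintf(path+key->len_name+1, maxlen-key->len_name-1, "%s", tmp);`. The signature and parts of the body of get_abs_path lie outside the hunks.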
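Review bot: chntpw-080526-keyname-overflow.patch carries no description of the defect it fixes, and neither do chntpw-080526-get_abs_path.patch or chntpw-080526-no-value.patch, so anyone auditing the package later has to work out from the code why the progress message was dropped. I would add leading text above the `diff -ur` line, for example `Remove the keyname[128] copy in the export routine: key->len_name comes from the hive and was used unchecked as the strncpy length and as the index of the terminating NUL.` The removed `printf` was the only consumer of `keyname` in the lines shown; the export function's body starts and ends outside the hunks.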
diff --git a/chntpw-080526-no-value.patch b/chntpw-080526-no-value.patch
new file mode 100644
index 0000000..5bb2048
--- /dev/null
+++ b/chntpw-080526-no-value.patch
@@ -0,0 +1,41 @@
+diff -ur chntpw-080526/ntreg.c chntpw-080526.novalue/ntreg.c
+--- chntpw-080526/ntreg.c 2009-06-08 14:44:09.000000000 +0100
++++ chntpw-080526.novalue/ntreg.c 2009-06-08 14:43:48.000000000 +0100
+@@ -2667,21 +2667,23 @@
+ value = (char *)get_val_data(hdesc, nkofs, vex.name, vex.type, TPF_VK_EXACT);
+ len = get_val_len(hdesc, nkofs, vex.name, TPF_VK_EXACT);
+
+- if (vex.type == REG_BINARY) {
+- fprintf(file, "\"%s\"=hex:", vex.name);
+- } else {
+- fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
+- }
+- byte = 0;
+- while (byte < len) { /* go byte by byte.. probably slow.. */
+- fprintf(file, "%02x,", (unsigned char)value[byte]);
+- byte++;
+- if (!(byte % 20)) fprintf(file, "\\\r\n ");
+- }
+- fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
+- }
++ if (value && len >= 0) {
++ if (vex.type == REG_BINARY) {
++ fprintf(file, "\"%s\"=hex:", vex.name);
++ } else {
++ fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
++ }
++ byte = 0;
++ while (byte < len) { /* go byte by byte.. probably slow.. */
++ fprintf(file, "%02x,", (unsigned char)value[byte]);
++ byte++;
++ if (!(byte % 20)) fprintf(file, "\\\r\n ");
++ }
++ fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
+
+- FREE(vex.name);
++ FREE(vex.name);
++ }
++ }
+ }
+ }
+
diff --git a/chntpw.spec b/chntpw.spec
index a32d29a..75fb54b 100644
--- a/chntpw.spec
+++ b/chntpw.spec
@@ -1,7 +1,7 @@
 Name: chntpw
 # Version is taken from HISTORY.txt
 Version: 0.99.6
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: Change passwords in Windows SAM files
 Group: Applications/Engineering
 License: GPLv2
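Review bot: In chntpw-080526-no-value.patch, the final `fprintf(file, "%02x\r\n", (unsigned char)value[byte]);` still runs with `byte == len`, so it reads `value[len]`, one byte past what `get_val_len` reported, and the new `len >= 0` guard lets `len == 0` reach it as a read of `value[0]`. Unless `get_val_data` guarantees a byte beyond `len` (not visible here), I would stop the loop at `while (byte < len - 1) {` and finish with `if (len > 0) fprintf(file, "%02x", (unsigned char)value[byte]);` followed by `fprintf(file, "\r\n");`. Going by brace order alone (indentation is lost on this page), `FREE(vex.name);` now also sits inside the new `if`, so the name looks to be leaked whenever a value is skipped; closing the `if` before the `FREE` would avoid that. The enclosing function starts and ends outside the hunk.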
@@ -14,6 +14,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel +# Patches sent upstream on 2009-06-08. +Patch0: chntpw-080526-keyname-overflow.patch +Patch1: chntpw-080526-get_abs_path.patch +Patch2: chntpw-080526-no-value.patch + %description This is a utility to (re)set the password of any user that has a valid @@ -33,6 +38,10 @@ sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol mv WinReg.txt.eol WinReg.txt +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + %build make CC="%__cc" CFLAGS="$RPM_OPT_FLAGS" LIBS="-lcrypto" chntpw cpnt reged @@ -63,6 +72,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Jun 8 2009 Richard W.M. Jones - 0.99.6-8 +- Fix three crashing bugs in 'reged -x' command. + * Mon Feb 23 2009 Fedora Release Engineering - 0.99.6-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild