did this with a simple macro called OUTPUT() that does the check and
bails from the current function. This was as boring and tedious as
life gets, but we should be protected from stack smashing now.

Also fixed up a couple cases where we take data from the client;
make sure that the sscanf calls are bounded.