diff --git a/gmid.c b/gmid.c
index 83e3be7..92ff26b 100644
--- a/gmid.c
+++ b/gmid.c
@@ -205,9 +205,6 @@ init_config(void)
 
 	init_mime(&conf.mime);
 
-	conf.chroot = NULL;
-	conf.user = NULL;
-
 	conf.prefork = 3;
 }
 
@@ -224,8 +221,6 @@ free_config(void)
 	v = conf.verbose;
 
 	free_mime(&conf.mime);
-	free(conf.chroot);
-	free(conf.user);
 	memset(&conf, 0, sizeof(conf));
 
 	conf.verbose = v;
@@ -328,15 +323,15 @@ drop_priv(void)
 {
 	struct passwd *pw = NULL;
 
-	if (conf.chroot != NULL && conf.user == NULL)
+	if (*conf.chroot != '\0' && *conf.user == '\0')
 		fatal("can't chroot without an user to switch to after.");
 
-	if (conf.user != NULL) {
+	if (*conf.user != '\0') {
 		if ((pw = getpwnam(conf.user)) == NULL)
 			fatal("can't find user %s", conf.user);
 	}
 
-	if (conf.chroot != NULL) {
+	if (*conf.chroot != '\0') {
 		if (chroot(conf.chroot) != 0 || chdir("/") != 0)
 			fatal("%s: %s", conf.chroot, strerror(errno));
 	}
diff --git a/gmid.h b/gmid.h
index 38b99ad..0997699 100644
--- a/gmid.h
+++ b/gmid.h
@@ -203,8 +203,8 @@ struct conf {
 	int		 ipv6;
 	uint32_t	 protos;
 	struct mime	 mime;
-	char		*chroot;
-	char		*user;
+	char		 chroot[PATH_MAX];
+	char		 user[LOGIN_NAME_MAX];
 	int		 prefork;
 };
 
diff --git a/parse.y b/parse.y
index 96ab053..9eac0c4 100644
--- a/parse.y
+++ b/parse.y
@@ -212,7 +212,12 @@ varset		: STRING '=' string		{
 		}
 		;
 
-option		: CHROOT string	{ conf.chroot = $2; }
+option		: CHROOT string	{
+			if (strlcpy(conf.chroot, $2, sizeof(conf.chroot)) >=
+			    sizeof(conf.chroot))
+				yyerror("chroot path too long");
+			free($2);
+		}
 		| IPV6 bool		{ conf.ipv6 = $2; }
 		| MIME STRING string	{
 			yywarn("`mime MIME EXT' is deprecated and will be "
@@ -235,7 +240,12 @@ option		: CHROOT string	{ conf.chroot = $2; }
 				yyerror("invalid protocols string \"%s\"", $2);
 			free($2);
 		}
-		| USER string		{ conf.user = $2; }
+		| USER string {
+			if (strlcpy(conf.user, $2, sizeof(conf.user)) >=
+			    sizeof(conf.user))
+				yyerror("user name too long");
+			free($2);
+		}
 		;
 
 vhost		: SERVER string {
@@ -949,14 +959,14 @@ print_conf(void)
 	/* struct envlist	*e; */
 	/* struct alist	*a; */
 
-	if (conf.chroot != NULL)
+	if (*conf.chroot != '\0')
 		printf("chroot \"%s\"\n", conf.chroot);
 	printf("ipv6 %s\n", conf.ipv6 ? "on" : "off");
 	/* XXX: defined mimes? */
 	printf("port %d\n", conf.port);
 	printf("prefork %d\n", conf.prefork);
 	/* XXX: protocols? */
-	if (conf.user != NULL)
+	if (*conf.user != '\0')
 		printf("user \"%s\"\n", conf.user);
 
 	TAILQ_FOREACH(h, &hosts, vhosts) {