diff --git a/CHANGELOG b/CHANGELOG
index 7127b36f1..a57d56ad3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,7 @@
-# Nmap Changelog ($Id$); -*-text-*-
+# Nmap Changelog ($Id$); -*-text-*-
+
+o Service fingerprints in XML output are no longer be truncated to 2kb.
+  [Michael]
 
 o Update the HTTP library to use the new timing_level functionality to
   set connection and response timeouts. An error preventing the new
diff --git a/output.cc b/output.cc
index 332bb7875..a9aaf6059 100644
--- a/output.cc
+++ b/output.cc
@@ -200,18 +200,22 @@ static char* xml_sf_convert (const char* str) {
 
 
 // Creates an XML <service> element for the information given in
-// serviceDeduction.  It will be 0-length if none is neccessary.
-// returns 0 for success.
-static int getServiceXMLBuf(struct serviceDeductions *sd, char *&xmlbuf) {
+// serviceDeduction.  This function should only be called if ether
+// the service name or the service fingerprint is non-null.
+// Returns a pointer to a buffer containing the element,
+// you will have to call free on it.
+static char * getServiceXMLBuf(struct serviceDeductions *sd) {
   string versionxmlstring = "";
   char rpcbuf[128];
+  char confBuf[20];
   char *xml_product = NULL, *xml_version = NULL, *xml_extrainfo = NULL;
   char *xml_hostname = NULL, *xml_ostype = NULL, *xml_devicetype = NULL;
   char *xml_servicefp = NULL, *xml_servicefp_temp = NULL;
-  int xmlbuflen=0;
 
-  if (!sd->name && !sd->service_fp) return -1;
 
+  versionxmlstring =  "<service name=\"";
+  versionxmlstring += sd->name? sd->name : "unknown";
+  versionxmlstring += "\"";
   if (sd->product) {
     xml_product = xml_convert(sd->product);
     versionxmlstring += " product=\"";
@@ -276,18 +280,17 @@ static int getServiceXMLBuf(struct serviceDeductions *sd, char *&xmlbuf) {
 	     sd->rpc_program, sd->rpc_lowver, sd->rpc_highver);
   } else rpcbuf[0] = '\0';
 
-  xmlbuflen=versionxmlstring.size()+55;
-  xmlbuflen+=strlen(rpcbuf);
-  xmlbuf = (char*)safe_malloc(xmlbuflen);
-
-  Snprintf(xmlbuf, xmlbuflen, 
-	   "<service name=\"%s\"%s %smethod=\"%s\" conf=\"%d\"%s />", 
-	   sd->name? sd->name : "unknown",
-	   versionxmlstring.c_str(),
-	   (sd->service_tunnel == SERVICE_TUNNEL_SSL)? "tunnel=\"ssl\" " : "",
-	   (sd->dtype == SERVICE_DETECTION_TABLE)? "table" : "probed", 
-	   sd->name_confidence, rpcbuf);
-  return 0;
+  versionxmlstring += " ";
+  versionxmlstring += (sd->service_tunnel == SERVICE_TUNNEL_SSL)? "tunnel=\"ssl\" " : "";
+  versionxmlstring += "method=\"";
+  versionxmlstring += (sd->dtype == SERVICE_DETECTION_TABLE)? "table" : "probed";
+  versionxmlstring += "\" conf=\"";
+  Snprintf(confBuf,20,"%i",sd->name_confidence);
+  versionxmlstring += confBuf;
+  versionxmlstring += "\"";
+  versionxmlstring += rpcbuf;
+  versionxmlstring += " />";
+  return strdup(versionxmlstring.c_str());
 }
 
 #ifdef WIN32
@@ -479,10 +482,10 @@ void printportoutput(Target *currenths, PortList *plist) {
   char rpcinfo[64];
   char rpcmachineinfo[64];
   char portinfo[64];
-  char *xmlbuf=NULL;
   char grepvers[256];
   char grepown[64];
   char *p;
+  char * xmlBuf=NULL;
   const char *state;
   char serviceinfo[64];
   char *name=NULL;
@@ -764,12 +767,15 @@ void printportoutput(Target *currenths, PortList *plist) {
 	if (current->owner && *current->owner) {
 	  log_write(LOG_XML, "<owner name=\"%s\" />", current->owner);
 	}
-	if (getServiceXMLBuf(&sd, xmlbuf) == 0)
-	  if (xmlbuf){
-	    log_write(LOG_XML, "%s", xmlbuf);
-		free(xmlbuf);
-		xmlbuf=NULL;
-	  }
+	
+	if (sd.name || sd.service_fp){
+		xmlBuf = getServiceXMLBuf(&sd);
+		if(xmlBuf){
+			log_write(LOG_XML, "%s", xmlBuf);
+			free(xmlBuf);
+			xmlBuf=NULL;
+		}
+	}
 
 	rowno++;
 #ifndef NOLUA