Commit 8e9c1edb361ea72526ff064a969427ae1fc58b3f

Authored by Silvan Calarco
1 parent 538a1d7696
Exists in master

Fix all (hopefully) occurencies of strcat and strncat which may cause buffer overflows

Showing 6 changed files with 77 additions and 77 deletions Side-by-side Diff

... ... @@ -42,15 +42,15 @@
42 42 int
43 43 generateBuildInfo(struct configTag *configtag, int arch)
44 44 {
45   - char foutname[1024], fsourcesname[1024], fdir[1024];
  45 + char foutname[PATH_MAX], fsourcesname[PATH_MAX], fdir[PATH_MAX];
46 46 FILE *fout, *fsources;
47 47 int i, j;
48 48 struct headerSourceList *currheadersourcelist;
49 49 struct headerList *currchild;
50 50  
51   - strncpy(fdir, configtag->repository_source_dir, 1024);
52   - strncpy(fsourcesname, fdir, 1024);
53   - strncat(fsourcesname, "buildinfo/sources.dat", 1024);
  51 + snprintf(fdir, sizeof(fdir), "%s", configtag->repository_source_dir);
  52 + strncpy(fsourcesname, fdir, sizeof(fsourcesname));
  53 + strncat(fsourcesname, "buildinfo/sources.dat", sizeof(fsourcesname) - strlen(fsourcesname));
54 54  
55 55 if ((fsources = fopen(fsourcesname, "w")) == NULL) {
56 56 perror(fsourcesname);
... ... @@ -59,10 +59,10 @@
59 59  
60 60 currheadersourcelist = configtag->headersourcelist;
61 61 while (currheadersourcelist) {
62   - strncpy(foutname, fdir, 1024);
63   - strncat(foutname, "buildinfo/", 1024);
64   - strncat(foutname, currheadersourcelist->name, 1024);
65   - strncat(foutname, ".info", 1024);
  62 + strncpy(foutname, fdir, sizeof(foutname));
  63 + strncat(foutname, "buildinfo/", sizeof(foutname) - strlen(foutname));
  64 + strncat(foutname, currheadersourcelist->name, sizeof(foutname) - strlen(foutname));
  65 + strncat(foutname, ".info", sizeof(foutname) - strlen(foutname));
66 66  
67 67 if ((fout = fopen(foutname, "w")) == NULL) {
68 68 perror(foutname);
... ... @@ -937,7 +937,7 @@
937 937  
938 938 int i = 0,hasbuilds[ARCHS_MAX],ptharg[ARCHS_MAX];
939 939 pthread_t pth[ARCHS_MAX];
940   - char warning[PATH_MAX];
  940 + char warning[8096];
941 941  
942 942 time_t start_time, stop_time;
943 943  
... ... @@ -1139,7 +1139,7 @@
1139 1139  
1140 1140 warning[0]=0;
1141 1141 for (i = 0; i < ARCHS_MAX && configtag->arch[i]; i++) {
1142   - snprintf(&warning[strlen(warning)],PATH_MAX-strlen(warning)," %s", configtag->arch[i]);
  1142 + snprintf(&warning[strlen(warning)],sizeof(warning)-strlen(warning)," %s", configtag->arch[i]);
1143 1143 }
1144 1144 if (!quietmode)
1145 1145 fprintf(stdout, "Scanning binary packages for archs:%s...\n",warning);
... ... @@ -1174,8 +1174,8 @@
1174 1174 warning[0] = '\0';
1175 1175 for (i = 0; i < ARCHS_MAX && configtag->arch[i]; i++) {
1176 1176 if (hasbuilds[i] == 1) {
1177   - strncat(warning," ",PATH_MAX);
1178   - strncat(warning,configtag->arch[i],PATH_MAX);
  1177 + strncat(warning, " ", sizeof(warning) - strlen(warning));
  1178 + strncat(warning, configtag->arch[i], sizeof(warning) - strlen(warning));
1179 1179 }
1180 1180 }
1181 1181 if (warning[0] == '\0') {
... ... @@ -1191,9 +1191,9 @@
1191 1191 if ((hasbuilds[i] == -1) &&
1192 1192 (currheadersourcelist->altrepository == configtag->repository_level)) {
1193 1193 if (warning[0] == '\0')
1194   - strncat(warning, "requires port to arch(s):", PATH_MAX);
1195   - strncat(warning," ",PATH_MAX);
1196   - strncat(warning,configtag->arch[i],PATH_MAX);
  1194 + strncat(warning, "requires port to arch(s):", sizeof(warning) - strlen(warning));
  1195 + strncat(warning," ", sizeof(warning) - strlen(warning));
  1196 + strncat(warning,configtag->arch[i], sizeof(warning) - strlen(warning));
1197 1197 }
1198 1198 }
1199 1199 if (warning[0] != '\0') {
1200 1200  
... ... @@ -1213,13 +1213,13 @@
1213 1213 }
1214 1214  
1215 1215 if (currrebuild) {
1216   - strncat(warning,"need to be rebuilt:", PATH_MAX);
  1216 + strncat(warning,"need to be rebuilt:", sizeof(warning) - strlen(warning));
1217 1217 while (currrebuild) {
1218   - strncat(warning," ",PATH_MAX);
1219   - strncat(warning,currrebuild->sourceheader->name,PATH_MAX);
1220   - strncat(warning,"(",PATH_MAX);
1221   - strncat(warning,currrebuild->provider->arch,PATH_MAX);
1222   - strncat(warning,")",PATH_MAX);
  1218 + strncat(warning," ", sizeof(warning) - strlen(warning));
  1219 + strncat(warning,currrebuild->sourceheader->name, sizeof(warning) - strlen(warning));
  1220 + strncat(warning,"(", sizeof(warning) - strlen(warning));
  1221 + strncat(warning,currrebuild->provider->arch, sizeof(warning) - strlen(warning));
  1222 + strncat(warning,")", sizeof(warning) - strlen(warning));
1223 1223 currrebuild = currrebuild->next;
1224 1224 }
1225 1225 }
... ... @@ -409,7 +409,7 @@
409 409 if (sqlite3_prepare_v2(db, sql, strlen(sql), &stmt1, NULL) == SQLITE_OK && sqlite3_step(stmt1) == SQLITE_ROW) {
410 410 parent = sqlite3_column_int(stmt1,0);
411 411 sqlite3_finalize(stmt1);
412   - strcat(linkpath, "/");
  412 + strncat(linkpath, "/", strlen(*path) - strlen(linkpath));
413 413 strncat(linkpath, buffer, strlen(*path) - strlen(linkpath));
414 414 printf("/<a href='javascript:distroquery_request(\"repository=%s&arch=%s&path=%s\")'>%s</a>",
415 415 query_repository, query_arch, linkpath, buffer);
... ... @@ -1558,10 +1558,10 @@
1558 1558 search_files = strstr(valuetok, "false") != valuetok;
1559 1559 }
1560 1560 if (vartok && valuetok) {
1561   - strcat(query_next, vartok);
1562   - strcat(query_next, "=");
1563   - strcat(query_next, valuetok);
1564   - strcat(query_next, "&");
  1561 + strncat(query_next, vartok, sizeof(query_next) - strlen(query_next));
  1562 + strncat(query_next, "=", sizeof(query_next) - strlen(query_next));
  1563 + strncat(query_next, valuetok, sizeof(query_next) - strlen(query_next));
  1564 + strncat(query_next, "&", sizeof(query_next) - strlen(query_next));
1565 1565 }
1566 1566 }
1567 1567 }
... ... @@ -172,8 +172,8 @@
172 172  
173 173 if (configdefaults.html_basedir) {
174 174 strncpy(buf, configdefaults.html_basedir, PATH_MAX);
175   - strncat(buf, newconfigtag->tag, PATH_MAX);
176   - strncat(buf, "/", PATH_MAX);
  175 + strncat(buf, newconfigtag->tag, sizeof(buf) - strlen(buf));
  176 + strncat(buf, "/", sizeof(buf) - strlen(buf));
177 177 newconfigtag->html_dir = (char *) strdup(buf);
178 178 }
179 179  
... ... @@ -326,7 +326,7 @@
326 326  
327 327 if (!currconfigtag->repository_source_dir) {
328 328 strncpy(buf, currconfigtag->repository_dir, PATH_MAX);
329   - strncat(buf, "/SRPMS.base/", PATH_MAX);
  329 + strncat(buf, "/SRPMS.base/", sizeof(buf) - strlen(buf));
330 330 currconfigtag->repository_source_dir =
331 331 (char *) strdup(buf);
332 332 }
333 333  
... ... @@ -402,11 +402,11 @@
402 402 va_list ap;
403 403 static char oldmsg[20][256];
404 404 static int curroldmsg = 0;
405   - char newmsg[1024];
  405 + char newmsg[PATH_MAX];
406 406 int i;
407 407  
408 408 va_start(ap, msg);
409   - vsnprintf((char*)&newmsg, 1024, msg, ap);
  409 + vsnprintf((char*)&newmsg, PATH_MAX, msg, ap);
410 410 va_end(ap);
411 411  
412 412 for (i = 0; i < 20; i++) {
... ... @@ -65,7 +65,7 @@
65 65 int rpmselector(const struct dirent *entry);
66 66 int sourcerpmselector(const struct dirent *entry);
67 67  
68   -const int bufsize = 1024;
  68 +const int bufsize = PATH_MAX;
69 69  
70 70 struct warningList* addWarning(struct headerSourceList *pkg, char* text)
71 71 {
... ... @@ -534,7 +534,7 @@
534 534 {
535 535 struct fileTree *currdir,*prevdir=NULL;
536 536 char *pstart,*pend;
537   - char f[1024];
  537 + char f[PATH_MAX];
538 538 int l;
539 539  
540 540 currdir = *first;
... ... @@ -84,7 +84,7 @@
84 84 printHTMLWarnings(FILE *fout, struct configTag *configtag, struct headerSourceList* pkg, int mode) {
85 85  
86 86 char warningsfile[PATH_MAX];
87   - char buf[1024];
  87 + char buf[PATH_MAX];
88 88 struct stat s;
89 89 FILE *fin;
90 90 int n;
... ... @@ -122,7 +122,7 @@
122 122  
123 123 fprintf(fout,"&nbsp;&bull;&nbsp;Comment:");
124 124 while (!feof(fin)) {
125   - n = fread(buf,1,1024,fin);
  125 + n = fread(buf, 1, sizeof(buf), fin);
126 126 fwrite(buf,1,n,fout);
127 127 }
128 128 if (mode == 0) {
... ... @@ -223,7 +223,7 @@
223 223 int
224 224 generateMaintainersPages(struct configTag *configtag)
225 225 {
226   - char idxfile[1024],outfile[1024],unmaintfile[1024];
  226 + char idxfile[PATH_MAX],outfile[PATH_MAX],unmaintfile[PATH_MAX];
227 227 FILE *idx=NULL,*out=NULL,*unmaint=NULL;
228 228 int i,pkgnum,unmaintpkgnum;
229 229 struct stat buf;
... ... @@ -234,7 +234,7 @@
234 234 configtag->stats.headersourcecount, sizeof(struct headerSourceList *),
235 235 comparePackagers);
236 236  
237   - snprintf(outfile,1024,"%smaintainers",configtag->html_dir);
  237 + snprintf(outfile, PATH_MAX, "%smaintainers", configtag->html_dir);
238 238 if (stat(outfile,&buf)) {
239 239 if (mkdir(outfile,S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) {
240 240 logmsg(LOG_ERROR,"cannot create %s directory; aborting.",outfile);
... ... @@ -247,7 +247,7 @@
247 247 }
248 248 }
249 249  
250   - snprintf(idxfile,1024,"%s_maintainers.inc",configtag->html_dir);
  250 + snprintf(idxfile, PATH_MAX, "%s_maintainers.inc", configtag->html_dir);
251 251  
252 252 if ((idx = fopen(idxfile, "w")) == NULL) {
253 253 perror(idxfile);
... ... @@ -259,7 +259,7 @@
259 259 configtag->tag,
260 260 configtag->description);
261 261  
262   - snprintf(unmaintfile,1024,"%smaintainers/unmaintained.inc",configtag->html_dir);
  262 + snprintf(unmaintfile, PATH_MAX, "%smaintainers/unmaintained.inc", configtag->html_dir);
263 263  
264 264 if ((unmaint = fopen(unmaintfile, "w")) == NULL) {
265 265 perror(unmaintfile);
... ... @@ -283,7 +283,7 @@
283 283 if ((configtag->stats.headersourcelistvec[i])->packager->role &
284 284 PACKAGER_ROLE_MAINTAINER) {
285 285  
286   - snprintf(outfile,1024,"%smaintainers/%s.inc",
  286 + snprintf(outfile, PATH_MAX, "%smaintainers/%s.inc",
287 287 configtag->html_dir,
288 288 (configtag->stats.headersourcelistvec[i])->packager->name);
289 289  
... ... @@ -380,8 +380,8 @@
380 380 int
381 381 generateStats(struct configTag *configtag,int arch)
382 382 {
383   - char outfile[1024];
384   - char rssfile[1024];
  383 + char outfile[PATH_MAX];
  384 + char rssfile[PATH_MAX];
385 385 char buffer[PATH_MAX];
386 386 FILE *htmlout=NULL,*htmloldout,*rssout,*groupout;
387 387 struct stat buf;
... ... @@ -410,7 +410,7 @@
410 410 configtag->stats.headersourcecount, sizeof(struct headerSourceList *),
411 411 compareGroup);
412 412  
413   - snprintf(outfile,1024,"%s_groups.inc",configtag->html_dir);
  413 + snprintf(outfile, PATH_MAX, "%s_groups.inc", configtag->html_dir);
414 414  
415 415 if ((groupout = fopen(outfile, "w")) == NULL) {
416 416 perror(outfile);
... ... @@ -457,7 +457,7 @@
457 457 exit(1);
458 458 }
459 459 }
460   - strncat(outfile, "/_index.inc", 1024);
  460 + strncat(outfile, "/_index.inc", sizeof(outfile) - strlen(outfile));
461 461 if ((htmlout = fopen(outfile, "w")) == NULL) {
462 462 perror(outfile);
463 463 return 1;
... ... @@ -500,8 +500,8 @@
500 500 fclose(groupout);
501 501 }
502 502  
503   - strncpy(outfile, configtag->html_dir, 1024);
504   - strncat(outfile, "_recent.inc", 1024);
  503 + strncpy(outfile, configtag->html_dir, PATH_MAX);
  504 + strncat(outfile, "_recent.inc", sizeof(outfile) - strlen(outfile));
505 505 if ((htmlout = fopen(outfile, "w")) == NULL) {
506 506 perror(outfile);
507 507 return 1;
... ... @@ -516,8 +516,8 @@
516 516 fprintf(htmlout, "Recent builds:<br>\n");
517 517 }*/
518 518  
519   - strncpy(outfile, configtag->html_dir, 1024);
520   - strncat(outfile, "_oldest.inc", 1024);
  519 + strncpy(outfile, configtag->html_dir, PATH_MAX);
  520 + strncat(outfile, "_oldest.inc", sizeof(outfile) - strlen(outfile));
521 521 if ((htmloldout = fopen(outfile, "w")) == NULL) {
522 522 perror(outfile);
523 523 return 1;
... ... @@ -527,8 +527,8 @@
527 527 fprintf(htmloldout, "Oldest builds:<br>\n");
528 528 }*/
529 529  
530   - strncpy(rssfile, configtag->html_dir, 1024);
531   - strncat(rssfile, "recent.rss", 1024);
  530 + strncpy(rssfile, configtag->html_dir, PATH_MAX);
  531 + strncat(rssfile, "recent.rss", sizeof(rssfile) - strlen(rssfile));
532 532 if ((rssout = fopen(rssfile, "w")) == NULL) {
533 533 perror(rssfile);
534 534 return 1;
... ... @@ -643,7 +643,7 @@
643 643 fclose(rssout);
644 644  
645 645 /* create APT repository file */
646   - snprintf(outfile,1024,"%s%s-%s.list",
  646 + snprintf(outfile, PATH_MAX, "%s%s-%s.list",
647 647 configtag->html_dir,
648 648 configtag->configdefaults->distribution_name,
649 649 configtag->tag);
... ... @@ -683,7 +683,7 @@
683 683 }
684 684  
685 685 /* create Smart Package Manager channel file */
686   - snprintf(outfile,1024,"%s%s-%s.smart",
  686 + snprintf(outfile, PATH_MAX, "%s%s-%s.smart",
687 687 configtag->html_dir,
688 688 configtag->configdefaults->distribution_name,
689 689 configtag->tag);
... ... @@ -727,7 +727,7 @@
727 727 tmdate.tm_mday = 1;
728 728 tmdate.tm_mon = 0;
729 729  
730   - snprintf(outfile,1024,"%s_changelog.inc",configtag->html_dir);
  730 + snprintf(outfile, PATH_MAX, "%s_changelog.inc", configtag->html_dir);
731 731  
732 732 if ((htmlout = fopen(outfile, "w")) == NULL) {
733 733 perror(outfile);
... ... @@ -757,7 +757,7 @@
757 757 }
758 758  
759 759 strncpy(indexfile, configtag->configdefaults->html_basedir, PATH_MAX);
760   - strncat(indexfile, "_index.inc", PATH_MAX);
  760 + strncat(indexfile, "_index.inc", sizeof(indexfile) - strlen(indexfile));
761 761  
762 762 if ((fout = fopen(indexfile, "w")) == NULL) {
763 763 perror(indexfile);
... ... @@ -846,7 +846,7 @@
846 846 char indexfile[PATH_MAX];
847 847 char htmlfile[PATH_MAX];
848 848 char warningsdir[PATH_MAX];
849   - char buffer[PATH_MAX],buffer2[1024];
  849 + char buffer[PATH_MAX],buffer2[PATH_MAX];
850 850 int c,i,j,arch,idx;
851 851 char *st;
852 852 char curr_letter,curr_anchor ='a'-1;
... ... @@ -955,7 +955,7 @@
955 955 return 1;
956 956 }
957 957  
958   - get_favicon_from_url(currheadersourcelist->url,buffer2,1024);
  958 + get_favicon_from_url(currheadersourcelist->url, buffer2, PATH_MAX);
959 959  
960 960 fprintf(fout,
961 961 "<h1><img src=\"%s\" width=\"16\" height=\"16\">"
... ... @@ -989,7 +989,7 @@
989 989 "<tr><td>Group:</td><td><a href=\"%stag=%s&amp;group=%s\">%s</a></td></tr>\n",
990 990 configtag->configdefaults->url_prefix,
991 991 configtag->tag,
992   - groupdirname(currheadersourcelist->group,buffer2,1024),
  992 + groupdirname(currheadersourcelist->group, buffer2, PATH_MAX),
993 993 htmlclean(currheadersourcelist->group,buffer,PATH_MAX));
994 994  
995 995 fprintf(fout,
... ... @@ -1426,7 +1426,7 @@
1426 1426 perror(htmlfile);
1427 1427 return 1;
1428 1428 }
1429   - get_favicon_from_url(currheaderlist->sourceheader->url,buffer,1024);
  1429 + get_favicon_from_url(currheaderlist->sourceheader->url, buffer, PATH_MAX);
1430 1430  
1431 1431 fprintf(fout,
1432 1432 "<h1><img src=\"%s\" width=\"16\" height=\"16\">"
... ... @@ -1751,8 +1751,8 @@
1751 1751 (ft->provider[k]->altrepository == ct->repository_level))) {
1752 1752 ftname(ft,buf,bufsize);
1753 1753 if ((j=strlen(buf)) < 60) {
1754   - for (i=(60-j)/8; i>0; i--) strncat(buf,"\t",1024);
1755   - while (strlen(buf) < 60) strncat(buf," ",1024);
  1754 + for (i=(60-j)/8; i>0; i--) strncat(buf, "\t", bufsize - strlen(buf));
  1755 + while (strlen(buf) < 60) strncat(buf, " ", bufsize - strlen(buf));
1756 1756 }
1757 1757 fprintf(f, "%s %s/%s\n",buf,ct->tag,ft->provider[0]->name);
1758 1758 }
1759 1759  
... ... @@ -1768,23 +1768,23 @@
1768 1768 print_datatables(struct configTag *ct, int arch) {
1769 1769  
1770 1770 FILE *fbd,*fd,*fv,*fb,*fbsh,*fs,*fc,*fw;
1771   - char builddeps_filename[1024], deps_filename[1024], virtual_filename[1024],
1772   - builds_filename[1024], builds_sh_filename[1024], sources_filename[1024],
1773   - contents_filename[1024], warnings_filename[1024], buf[1024];
  1771 + char builddeps_filename[PATH_MAX], deps_filename[PATH_MAX], virtual_filename[PATH_MAX],
  1772 + builds_filename[PATH_MAX], builds_sh_filename[PATH_MAX], sources_filename[PATH_MAX],
  1773 + contents_filename[PATH_MAX], warnings_filename[PATH_MAX], buf[PATH_MAX];
1774 1774 char obsoletebuf[PATH_MAX];
1775 1775 struct headerList *currheaderlist, *currchild;
1776 1776 struct headerSourceList *currheadersourcelist, *oldheadersourcelist;
1777 1777 struct rebuildList *currrebuild;
1778 1778 int i, nonobsoletednumproviders;
1779 1779  
1780   - snprintf(builddeps_filename,1024,"%sbuilddeps-%s",ct->html_dir,ct->arch[arch]);
1781   - snprintf(deps_filename,1024,"%sdeps-%s",ct->html_dir,ct->arch[arch]);
1782   - snprintf(virtual_filename,1024,"%svirtual-%s",ct->html_dir,ct->arch[arch]);
1783   - snprintf(builds_filename,1024,"%sbuilds-%s",ct->html_dir,ct->arch[arch]);
1784   - snprintf(builds_sh_filename,1024,"%sbuilds-%s.sh",ct->html_dir,ct->arch[arch]);
1785   - snprintf(sources_filename,1024,"%ssources-%s",ct->html_dir,ct->arch[arch]);
1786   - snprintf(contents_filename,1024,"%scontentslist-%s",ct->repository_dir,ct->arch[arch]);
1787   - snprintf(warnings_filename,1024,"%swarnings-%s",ct->repository_dir,ct->arch[arch]);
  1780 + snprintf(builddeps_filename, PATH_MAX, "%sbuilddeps-%s", ct->html_dir, ct->arch[arch]);
  1781 + snprintf(deps_filename, PATH_MAX, "%sdeps-%s", ct->html_dir, ct->arch[arch]);
  1782 + snprintf(virtual_filename, PATH_MAX, "%svirtual-%s", ct->html_dir, ct->arch[arch]);
  1783 + snprintf(builds_filename, PATH_MAX, "%sbuilds-%s", ct->html_dir, ct->arch[arch]);
  1784 + snprintf(builds_sh_filename, PATH_MAX, "%sbuilds-%s.sh", ct->html_dir, ct->arch[arch]);
  1785 + snprintf(sources_filename, PATH_MAX, "%ssources-%s", ct->html_dir, ct->arch[arch]);
  1786 + snprintf(contents_filename, PATH_MAX, "%scontentslist-%s", ct->repository_dir, ct->arch[arch]);
  1787 + snprintf(warnings_filename, PATH_MAX, "%swarnings-%s", ct->repository_dir, ct->arch[arch]);
1788 1788  
1789 1789 fbd=fopen(builddeps_filename,"w");
1790 1790 if (!fbd) {
... ... @@ -1935,7 +1935,7 @@
1935 1935  
1936 1936 //write contents (filenames)
1937 1937 logmsg(LOG_DEBUG,"writing contents file");
1938   - print_contents_subtree(fc,ct->filetree[arch],ct,buf,1024);
  1938 + print_contents_subtree(fc, ct->filetree[arch], ct, buf, PATH_MAX);
1939 1939  
1940 1940 logmsg(LOG_DEBUG,"writing deps files (2)");
1941 1941 currheaderlist = ct->headerlist[arch];
1942 1942  
... ... @@ -2045,10 +2045,10 @@
2045 2045  
2046 2046 if (currchild) {
2047 2047  
2048   - if (!strncmp(currheadersourcelist->arch,"noarch",1024))
2049   - snprintf(obsoletebuf,1024,"noarch");
  2048 + if (!strncmp(currheadersourcelist->arch, "noarch", PATH_MAX))
  2049 + snprintf(obsoletebuf, PATH_MAX, "noarch");
2050 2050 else
2051   - snprintf(obsoletebuf,1024,"%s",ct->arch[arch]);
  2051 + snprintf(obsoletebuf, PATH_MAX, "%s", ct->arch[arch]);
2052 2052 fprintf(fbsh,"[ \"$pkg\" = \"%s\" ] && { pkg_header=(%s %s %s %s \"%s\" \"%s\" %ld %ld %d %s); ",
2053 2053 currheadersourcelist->name,
2054 2054 currheadersourcelist->name,
... ... @@ -2080,8 +2080,8 @@
2080 2080 currheadersourcelist->name, PATH_MAX);
2081 2081 break;
2082 2082 }
2083   - if (obsoletebuf[0] != '\0') strcat(obsoletebuf," ");
2084   - strcat(obsoletebuf,currchild->obsoletename[i]);
  2083 + if (obsoletebuf[0] != '\0') strncat(obsoletebuf, " ", sizeof(obsoletebuf) - strlen(obsoletebuf));
  2084 + strncat(obsoletebuf, currchild->obsoletename[i], sizeof(obsoletebuf) - strlen(obsoletebuf));
2085 2085 }
2086 2086 currchild = currchild->nextbrother;
2087 2087 if (currchild) fprintf(fbsh," ");