Remove more strncpy() calls.

The semantics of strncat() and strncpy() are non-obvious, so let's not use 'em.
Both zero all their remaining buffer space, and with strncat() the size is
the space left at the _end_ of the string (not the size of the buffer) so
it's way too easy to stomp memory you don't own. As long as we have to measure
stuff ourselves to get it right, just use memcpy().

diff --git a/lib/lib.c b/lib/lib.c
index 5923176..33be44b 100644 (file)
--- a/lib/lib.c
+++ b/lib/lib.c
@@ -177,7 +177,7 @@ struct string_list **splitpath(char *path, struct string_list **list)
     if (len > 0) {
       *list = xmalloc(sizeof(struct string_list) + len + 1);
       (*list)->next = 0;
-      strncpy((*list)->str, new, len);
+      memcpy((*list)->str, new, len);
       (*list)->str[len] = 0;
       list = &(*list)->next;
     }
@@ -210,7 +210,8 @@ struct string_list *find_in_path(char *path, char *filename)
     if (!len) sprintf(rnext->str, "%s/%s", cwd, filename);
     else {
       char *res = rnext->str;
-      strncpy(res, path, len);
+
+      memcpy(res, path, len);
       res += len;
       *(res++) = '/';
       strcpy(res, filename);