From 4bfac013e70271e8273e41d2fa609d48db83a3b3 Mon Sep 17 00:00:00 2001
From: Nick White <git@njw.me.uk>
Date: Thu, 29 Mar 2012 11:37:03 +0100
Subject: Use strncpy and strncat more safely

---
 getabook.c  | 3 ++-
 getbnbook.c | 3 ++-
 getgbook.c  | 3 ++-
 util.c      | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/getabook.c b/getabook.c
index 81c1dfc..2712cc8 100644
--- a/getabook.c
+++ b/getabook.c
@@ -158,7 +158,8 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 
-	strncpy(bookid, argv[argc-1], STRMAX);
+	strncpy(bookid, argv[argc-1], STRMAX-1);
+	bookid[STRMAX-1] = '\0';
 	bookdir = argv[argc-1];
 
 	pages = malloc(sizeof(*pages) * MAXPAGES);
diff --git a/getbnbook.c b/getbnbook.c
index 3b044d6..d228069 100644
--- a/getbnbook.c
+++ b/getbnbook.c
@@ -106,7 +106,8 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 
-	strncpy(bookid, argv[argc-1], STRMAX);
+	strncpy(bookid, argv[argc-1], STRMAX-1);
+	bookid[STRMAX-1] = '\0';
 	bookdir = argv[argc-1];
 
 	/* get cookie */
diff --git a/getgbook.c b/getgbook.c
index 67bd1ca..660a1f6 100644
--- a/getgbook.c
+++ b/getgbook.c
@@ -187,7 +187,8 @@ int main(int argc, char *argv[])
 			free(tmp);
 	}
 
-	strncpy(bookid, argv[argc-1], STRMAX);
+	strncpy(bookid, argv[argc-1], STRMAX-1);
+	bookid[STRMAX-1] = '\0';
 	bookdir = argv[argc-1];
 
 	pages = malloc(sizeof(*pages) * MAXPAGES);
diff --git a/util.c b/util.c
index ade8613..41bbc3c 100644
--- a/util.c
+++ b/util.c
@@ -91,7 +91,7 @@ int get(char *host, char *path, char *sendcookie, char *savecookie, char **buf)
 	t2 = h;
 	if(savecookie != NULL) {
 		while((t2 = strstr(t2, "Set-Cookie: ")) && sscanf(t2, m, c)) {
-			strncat(savecookie, c, COOKIEMAX);
+			strncat(savecookie, c, COOKIEMAX - strlen(savecookie) - 1);
 			t2++;
 		}
 	}
-- 
cgit v1.2.3