@@ -194,7 +194,7 @@ void bat_hosts_init(int read_opt)
strncpy(confdir, homedir, CONF_DIR_LEN);
confdir[CONF_DIR_LEN - 1] = '\0';
- strncat(confdir, &bat_hosts_path[i][1], CONF_DIR_LEN - strlen(confdir));
+ strncat(confdir, &bat_hosts_path[i][1], CONF_DIR_LEN - strlen(confdir) - 1);
} else {
strncpy(confdir, bat_hosts_path[i], CONF_DIR_LEN);
confdir[CONF_DIR_LEN - 1] = '\0';
@@ -180,7 +180,7 @@ int read_file(char *dir, char *fname, int read_opt,
strncpy(full_path, dir, strlen(dir));
full_path[strlen(dir)] = '\0';
- strncat(full_path, fname, sizeof(full_path) - strlen(full_path));
+ strncat(full_path, fname, sizeof(full_path) - strlen(full_path) - 1);
open:
line = 0;
@@ -305,7 +305,7 @@ int write_file(char *dir, char *fname, char *arg1, char *arg2)
strncpy(full_path, dir, strlen(dir));
full_path[strlen(dir)] = '\0';
- strncat(full_path, fname, sizeof(full_path) - strlen(full_path));
+ strncat(full_path, fname, sizeof(full_path) - strlen(full_path) - 1);
fd = open(full_path, O_WRONLY);
The length field (n) of strncat is used to specify the length of the buffer without the \0 delimiter. strncat will add it even when it will write it to the limit of n bytes was written. Signed-off-by: Sven Eckelmann <sven@narfation.org> --- bat-hosts.c | 2 +- functions.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)