Eliminate potential buffer overflow

I realize strncat is being eliminated, but in case the elimination isn't done prior to release, this patch should be applied.
Unidata · Jan 11, 2018 · cdec707 · cdec707
1 parent 2281f3e
commit cdec707
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libdispatch/dutil.c b/libdispatch/dutil.c
@@ -209,7 +209,7 @@ NC_mktmp(const char* base)
     cvtpath = NCpathcvt(base);
     strncpy(tmp,cvtpath,sizeof(tmp));
     nullfree(cvtpath);
-	strncat(tmp, "XXXXXX", sizeof(tmp));
+	strncat(tmp, "XXXXXX", sizeof(tmp) - strlen(tmp) - 1);
 
 #ifdef HAVE_MKSTEMP
     /* Note Potential problem: old versions of this function