Coverity doesn't like that tmpdir can be changed by an environmental

variable, so we're going to untaint it by manually doing an equivalent of
strcpy().
(Coverity ID: 310902)

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>

diff --git a/src/lib/zck.c b/src/lib/zck.c
index 3b2fa07649e0ee0d351edeb8bde5e2030738bd9f..46768c988bea0d468b1880d3710d4360d112d281 100644 (file)
--- a/src/lib/zck.c
+++ b/src/lib/zck.c
@@ -135,9 +135,17 @@ int get_tmp_fd(zckCtx *zck) {
     }
 
     fname = zmalloc(strlen(template) + strlen(tmpdir) + 2);
-    strncpy(fname, tmpdir, strlen(tmpdir));
-    strncpy(fname+strlen(tmpdir), "/", 2);
-    strncpy(fname+strlen(tmpdir)+1, template, strlen(template));
+    int i=0;
+    for(i=0; i<strlen(tmpdir); i++)
+        fname[i] = tmpdir[i];
+    int offset = i;
+    fname[offset] = '/';
+    offset++;
+    for(i=0; i<strlen(template); i++)
+        fname[offset + i] = template[i];
+    offset += i;
+    fname[offset] = '\0';
+    printf("File name: %s", fname);
 
     mode_t old_mode_mask;
     old_mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO);