From 1e4cf7f4a7fc3bb2c6e795664a5f0f9bc9ef64fc Mon Sep 17 00:00:00 2001
From: Jonathan Dieter <jdieter@gmail.com>
Date: Tue, 18 Sep 2018 13:54:28 +0100
Subject: [PATCH] Coverity doesn't like that tmpdir can be changed by an
 environmental variable, so we're going to untaint it by manually doing an
 equivalent of strcpy(). (Coverity ID: 310902)

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
---
 src/lib/zck.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/lib/zck.c b/src/lib/zck.c
index 3b2fa07..46768c9 100644
--- a/src/lib/zck.c
+++ b/src/lib/zck.c
@@ -135,9 +135,17 @@ int get_tmp_fd(zckCtx *zck) {
     }
 
     fname = zmalloc(strlen(template) + strlen(tmpdir) + 2);
-    strncpy(fname, tmpdir, strlen(tmpdir));
-    strncpy(fname+strlen(tmpdir), "/", 2);
-    strncpy(fname+strlen(tmpdir)+1, template, strlen(template));
+    int i=0;
+    for(i=0; i<strlen(tmpdir); i++)
+        fname[i] = tmpdir[i];
+    int offset = i;
+    fname[offset] = '/';
+    offset++;
+    for(i=0; i<strlen(template); i++)
+        fname[offset + i] = template[i];
+    offset += i;
+    fname[offset] = '\0';
+    printf("File name: %s", fname);
 
     mode_t old_mode_mask;
     old_mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO);
-- 
2.30.2