From dc6b871b419159097c272fe21cdef6acece40a99 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler
Date: Thu, 16 Apr 2026 11:52:11 -0400
Subject: Convert more strcat and strcpy to strn variants
---
 src/cli/stasis/args.c | 12 ++++++------
 src/cli/stasis/stasis_main.c | 8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'src/cli/stasis')
diff --git a/src/cli/stasis/args.c b/src/cli/stasis/args.c
index 696f3a6..98b4479 100644
--- a/src/cli/stasis/args.c
+++ b/src/cli/stasis/args.c
@@ -89,20 +89,20 @@ void usage(char *progname) {
 char opt_long[50] = {0}; // --? [ARG]?
 char opt_short[50] = {0}; // -? [ARG]?
- strcat(opt_long, "--");
- strcat(opt_long, long_options[x].name);
+ strncat(opt_long, "--", sizeof(opt_long) - strlen(opt_long) - 1);
+ strncat(opt_long, long_options[x].name, sizeof(opt_long) - strlen(opt_long) - 1);
 if (long_options[x].has_arg) {
- strcat(opt_long, " ARG");
+ strncat(opt_long, " ARG", sizeof(opt_long) - strlen(opt_long) - 1);
 }
 if (long_options[x].val <= 'z') {
- strcat(opt_short, "-");
+ strncat(opt_short, "-", sizeof(opt_short) - strlen(opt_short) - 1);
 opt_short[1] = (char) long_options[x].val;
 if (long_options[x].has_arg) {
- strcat(opt_short, " ARG");
+ strncat(opt_short, " ARG", sizeof(opt_short) - strlen(opt_short) - 1);
 }
 } else {
- strcat(opt_short, " ");
+ strncat(opt_short, " ", sizeof(opt_short) - strlen(opt_short) - 1);
 }
 const char *opt_fmt = " %%-%ds\t%%s\t\t%%s";
diff --git a/src/cli/stasis/stasis_main.c b/src/cli/stasis/stasis_main.c
index 9b3c6ba..328d825 100644
--- a/src/cli/stasis/stasis_main.c
+++ b/src/cli/stasis/stasis_main.c
@@ -532,7 +532,7 @@ int main(int argc, char *argv[]) {
 globals.continue_on_error = true;
 break;
 case 'p':
- strcpy(python_override_version, optarg);
+ strncpy(python_override_version, optarg, sizeof(python_override_version) - 1);
 break;
 case 'l':
 globals.cpu_limit = strtol(optarg, NULL, 10);
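Review bot: The six `strncat` calls in usage() each recompute `sizeof(buf) - strlen(buf) - 1`, which holds here only because `opt_long` and `opt_short` are arrays zero-initialised in the context lines above; the bound is easy to get wrong in a later edit, and truncation stays silent. One formatted write per buffer states the limit once, e.g. `snprintf(opt_long, sizeof(opt_long), "--%s%s", long_options[x].name, long_options[x].has_arg ? " ARG" : "");`. The `opt_short[1] = (char) long_options[x].val;` assignment depends on the preceding append having written exactly one character, which a `"-%c%s"` format would make explicit. usage() begins and ends outside the hunk.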
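Review bot: `strncpy` writes no terminating NUL when `optarg` is at least `sizeof(python_override_version) - 1` bytes long, so after the `case 'p'` line the buffer is a valid string only if its last byte was already zero; the declaration is outside the hunk, so neither that nor whether `python_override_version` is an array (rather than a pointer, where `sizeof` would give the wrong bound) can be confirmed here. An over-long argument is also cut short with no diagnostic, so a shortened version string would be used as if the user had supplied it. Rejecting it is safer: `if (snprintf(python_override_version, sizeof(python_override_version), "%s", optarg) >= (int) sizeof(python_override_version)) { /* report and exit */ }`. The same `strncpy` pattern is applied to `env_name` and `env_name_testing` in the `@@ -652,9` hunk of this file.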
@@ -652,9 +652,9 @@ int main(int argc, char *argv[]) {
 configure_jfrog_cli(&ctx);
 runtime_apply(ctx.runtime.environ);
- strcpy(env_name, ctx.info.release_name);
- strcpy(env_name_testing, env_name);
- strcat(env_name_testing, "-test");
+ strncpy(env_name, ctx.info.release_name, sizeof(env_name) - 1);
+ strncpy(env_name_testing, env_name, sizeof(env_name_testing) - 1);
+ strncat(env_name_testing, "-test", sizeof(env_name_testing) - strlen(env_name_testing) - 1);
 char *envs[] = {
 "release", env_name,
 "testing", env_name_testing,
-- cgit
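Review bot: When the copied release name leaves fewer than five free bytes in `env_name_testing`, the `strncat` of `"-test"` appends only part of the suffix or nothing at all, so `env_name_testing` can end up equal to `env_name` and the "release" and "testing" entries of `envs[]` would name the same environment. The `strlen(env_name_testing)` in that bound also runs right after a `strncpy` that may not have terminated the buffer; whether these arrays are zero-initialised is not visible in the hunk. Building the name in one step and treating truncation as an error avoids both: `int n = snprintf(env_name_testing, sizeof(env_name_testing), "%s-test", env_name);` followed by `if (n < 0 || (size_t) n >= sizeof(env_name_testing)) { /* report and exit */ }`. main() continues outside the hunk.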