The strcat() function has all of the same overflow problems as strcpy(). And as a bonus, it's easy to end up accidentally quadratic, as each subsequent call has to walk through the existing string. The last strcat() call went away in f063d38b80 (daemon: use cld->env_array when re-spawning, 2015-09-24). In general, strcat() can be replaced either with a dynamic string (strbuf or xstrfmt), or with xsnprintf if you know the length is bounded. Signed-off-by: Jeff King <peff@xxxxxxxx> --- banned.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/banned.h b/banned.h index c50091ad7d..32e0bae01d 100644 --- a/banned.h +++ b/banned.h @@ -12,5 +12,7 @@ #undef strcpy #define strcpy(x,y) BANNED(strcpy) +#undef strcat +#define strcat(x,y) BANNED(strcat) #endif /* BANNED_H */ -- 2.18.0.542.g2bf2fc4f7e
