Phil Sutter <phil@xxxxxx> wrote: > Make sure destination buffers are NULL-terminated by replacing strcpy() > with strncat() (if destination is guaranteed to be zeroed) or explicitly > set last byte in buffer to zero. I'm sorry, but i don't like this at all. > - strcpy(cs->target->t->u.user.name, cs->jumpto); > + strncat(cs->target->t->u.user.name, cs->jumpto, > + XT_EXTENSION_MAXNAMELEN - 1); This reads "append this to user.name", even though this is supposed to copy. I realize user.name is 0-terminated, but this is yet one more thing one "has to know". So, this should either be strcpy (no change) strncpy + setting last element to 0, snprintf() I think use of *cat() should be limited to cases where we want to append, not to work around warnings.
