options bit

I glanced over the options parsing looking for issues, and it
seems that paranoid_confirm:long-string-of-junk might have been
vulnerable.  So this fixes that.

diff --git a/src/options.c b/src/options.c
index bfcbba28932ebf146c592b27aa8592820110fdd1..397c34a3ae00e9477594b997af0ef27ed53b577c 100644 (file)
--- a/src/options.c
+++ b/src/options.c
@@ -2546,7 +2546,9 @@ boolean tinitial, tfrom_file;
         } else if ((op = string_for_opt(opts, TRUE)) != 0) {
             char *pp, buf[BUFSZ];
 
-            op = mungspaces(strcpy(buf, op));
+            strncpy(buf, op, sizeof buf - 1);
+            buf[sizeof buf - 1] = '\0';
+            op = mungspaces(buf);
             for (;;) {
                 /* We're looking to parse
                    "paranoid_confirm:whichone wheretwo whothree"
@@ -3106,8 +3108,7 @@ boolean tinitial, tfrom_file;
         if ((op = string_for_opt(opts, FALSE)) != 0) {
             if (iflags.wc_tile_file)
                 free(iflags.wc_tile_file);
-            iflags.wc_tile_file = (char *) alloc(strlen(op) + 1);
-            Strcpy(iflags.wc_tile_file, op);
+            iflags.wc_tile_file = dupstr(op);
         }
         return;
     }