Replace two remaining strcpy() calls in curses interface.

diff --git a/src/curses/ux_input.c b/src/curses/ux_input.c
index 3c842b3b01feae8caf3da3965146c9e4e9d04edc..afbccf701b98ffea06746254f836c4a95ec8a369 100644 (file)
--- a/src/curses/ux_input.c
+++ b/src/curses/ux_input.c
@@ -359,7 +359,8 @@ static int unix_history_back(zchar *str, int searchlen, int maxlen)
        }
     } while (strlen( *history_view) > (size_t) maxlen
             || (searchlen != 0 && strncmp( (char *)str, *history_view, searchlen)));
-    strcpy((char *)str + searchlen, *history_view + searchlen);
+    strncpy((char *)str + searchlen, *history_view + searchlen,
+               (size_t) maxlen - (strlen((char *)str) + searchlen));
     return 1;
 }
 
@@ -384,7 +385,8 @@ static int unix_history_forward(zchar *str, int searchlen, int maxlen)
        }
     } while (strlen( *history_view) > (size_t) maxlen
             || (searchlen != 0 && strncmp( (char *)str, *history_view, searchlen)));
-    strcpy((char *)str + searchlen, *history_view + searchlen);
+    strncpy((char *)str + searchlen, *history_view + searchlen,
+               (size_t) maxlen - (strlen((char *)str) + searchlen));
     return 1;
 }