From 1f0308bb7a8b78ec79a344e955ebb65323cdc3fd Mon Sep 17 00:00:00 2001
From: David Griffith <dave@661.org>
Date: Tue, 12 Feb 2019 05:00:32 -0800
Subject: [PATCH] Replaced two strcpy() calls in dumb interface.

---
 src/dumb/dumb_input.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/dumb/dumb_input.c b/src/dumb/dumb_input.c
index 03058ad..a012ae6 100644
--- a/src/dumb/dumb_input.c
+++ b/src/dumb/dumb_input.c
@@ -441,7 +441,10 @@ char *os_read_file_name (const char *default_name, int flag)
     }
   }
 
-  strcpy (file_name, buf[0] ? buf : default_name);
+  if (buf[0])
+    strncpy(file_name, buf, FILENAME_MAX);
+  else
+    strncpy(file_name, default_name, FILENAME_MAX);
 
   /* Check if we're restricted to one directory. */
   if (f_setup.restricted_path != NULL) {
@@ -452,7 +455,7 @@ char *os_read_file_name (const char *default_name, int flag)
       }
     }
     tempname = strdup(file_name + i);
-    strcpy(file_name, f_setup.restricted_path);
+    strncpy(file_name, f_setup.restricted_path, FILENAME_MAX);
     if (file_name[strlen(file_name)-1] != PATH_SEPARATOR) {
       strcat(file_name, "/");
     }
-- 
2.34.1