From 98ff923d615f2bb27b690b3889099f1f3a689be7 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen <phil@teuwen.org>
Date: Tue, 12 Mar 2019 22:04:23 +0100
Subject: [PATCH] fix more strncat usage (one must specify available room, not
 total dest buffer size)

---
 client/cmdhf15.c       |  2 +-
 client/fpga_compress.c | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/client/cmdhf15.c b/client/cmdhf15.c
index f209f361d..70058c04d 100644
--- a/client/cmdhf15.c
+++ b/client/cmdhf15.c
@@ -796,7 +796,7 @@ int CmdHF15Restore(const char *Cmd) {
                     case '2':
                     case 'o':
                         strncpy(newCmdPrefix, " ", sizeof(newCmdPrefix) - 1);
-                        strncat(newCmdPrefix, param, sizeof(newCmdPrefix) - 1);
+                        strncat(newCmdPrefix, param, sizeof(newCmdPrefix) - strlen(newCmdPrefix) - 1);
                         break;
                     default:
                         PrintAndLogEx(WARNING, "Unknown parameter '%s'", param);
diff --git a/client/fpga_compress.c b/client/fpga_compress.c
index 36e5872e0..7c5a4a883 100644
--- a/client/fpga_compress.c
+++ b/client/fpga_compress.c
@@ -322,42 +322,42 @@ static int FpgaGatherVersion(FILE *infile, char *infile_name, char *dst, int len
     }
 
     if (!memcmp("fpga_lf", basename(infile_name), 7))
-        strncat(dst, "LF", len - 1);
+        strncat(dst, "LF", len - strlen(dst) - 1);
     else if (!memcmp("fpga_hf", basename(infile_name), 7))
-        strncat(dst, "HF", len - 1);
+        strncat(dst, "HF", len - strlen(dst) - 1);
 
-    strncat(dst, " image built", len - 1);
+    strncat(dst, " image built", len - strlen(dst) - 1);
     if (bitparse_find_section(infile, 'b', &fpga_info_len)) {
-        strncat(dst, " for ", len - 1);
+        strncat(dst, " for ", len - strlen(dst) - 1);
         for (uint16_t i = 0; i < fpga_info_len; i++) {
             char c = (char)fgetc(infile);
             if (i < sizeof(tempstr)) {
                 tempstr[i] = c;
             }
         }
-        strncat(dst, tempstr, len - 1);
+        strncat(dst, tempstr, len - strlen(dst) - 1);
     }
 
     if (bitparse_find_section(infile, 'c', &fpga_info_len)) {
-        strncat(dst, " on ", len - 1);
+        strncat(dst, " on ", len - strlen(dst) - 1);
         for (uint16_t i = 0; i < fpga_info_len; i++) {
             char c = (char)fgetc(infile);
             if (i < sizeof(tempstr)) {
                 tempstr[i] = c;
             }
         }
-        strncat(dst, tempstr, len - 1);
+        strncat(dst, tempstr, len - strlen(dst) - 1);
     }
 
     if (bitparse_find_section(infile, 'd', &fpga_info_len)) {
-        strncat(dst, " at ", len - 1);
+        strncat(dst, " at ", len - strlen(dst) - 1);
         for (uint16_t i = 0; i < fpga_info_len; i++) {
             char c = (char)fgetc(infile);
             if (i < sizeof(tempstr)) {
                 tempstr[i] = c;
             }
         }
-        strncat(dst, tempstr, len - 1);
+        strncat(dst, tempstr, len - strlen(dst) - 1);
     }
     return 0;
 }