From c90c5405e83ab7e6ee8c5a264977052c3fa72840 Mon Sep 17 00:00:00 2001
From: "B. Watson" <urchlay@slackware.uk>
Date: Fri, 14 Nov 2025 17:54:01 -0500
Subject: Force null terminator on filename, s/strcpy/strncpy/g.

---
 TODO.txt      |  4 ----
 src/extract.c | 12 +++++++++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/TODO.txt b/TODO.txt
index 39d31b4..428a141 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -1,7 +1,3 @@
-- replace all uses of strcpy() with strncpy(), check the filename
-  in the archive (make sure it's not missing its null terminator).
-  old habits die hard...
-
 - sanity-check the filenames and sizes in alf headers. Atari filenames
   can't be lowercase, start with a number, have two dots... these would
   be warnings, not fatal errors.
diff --git a/src/extract.c b/src/extract.c
index 9c45941..515d2dd 100644
--- a/src/extract.c
+++ b/src/extract.c
@@ -24,6 +24,11 @@ void fix_filename(void) {
 
 	if(!out_filename) return;
 
+	if(strlen(out_filename) > 12) {
+		fprintf(stderr, "%s: filename in ALF header not null-terminated, fixing.\n", self);
+		out_filename[12] = '\0';
+	}
+
 	if(opts.lowercase) {
 		for(p = out_filename; *p; p++)
 			*p = tolower(*p);
@@ -37,10 +42,11 @@ void fix_filename(void) {
 }
 
 void make_backup(void) {
-	char backup[PATH_MAX];
+	/* up to 12-char FILENAME.EXT, plus a ~, plus null terminator = 14 */
+	char backup[14];
 
-	strcpy(backup, out_filename);
-	strcat(backup, "~");
+	strncpy(backup, out_filename, 13);
+	strncat(backup, "~", 13);
 
 	/* silently ignore errors! */
 	rename(out_filename, backup);
-- 
cgit v1.2.3