From df82a9795d15ad8eb584c5799cf62398900debfa Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Fri, 30 Oct 2015 11:11:54 +0100
Subject: [PATCH] CID 22565: Copy into fixed size buffer (STRING_OVERFLOW)

bsdstring to the rescue
---
 src/modules/autoseed.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/modules/autoseed.c b/src/modules/autoseed.c
index dd73943f2..4ba679439 100644
--- a/src/modules/autoseed.c
+++ b/src/modules/autoseed.c
@@ -31,6 +31,7 @@
 /* util includes */
 #include
 #include
+#include
 #include
 #include
 #include
@@ -186,8 +187,9 @@ newfaction *read_newfactions(const char *filename)
 if (email[0] == '\0')
 break;
 if (password[0] == '\0') {
- strcpy(password, itoa36(rng_int()));
- strcat(password, itoa36(rng_int()));
+ size_t sz;
+ sz = strlcpy(password, itoa36(rng_int()), sizeof(password));
+ sz += strlcat(password, itoa36(rng_int()), sizeof(password));
 }
 for (f = factions; f; f = f->next) {
 if (strcmp(f->email, email) == 0 && f->subscription
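Review bot: In the `password[0] == '\0'` branch of the second hunk, `sz` is assigned twice and never read before its block closes, so truncation by `strlcpy`/`strlcat` stays silent and the generated password can end up shorter than intended without anyone noticing. The sum is also not a usable length, because `strlcat` already returns the total length it tried to create; I would write `sz = strlcat(password, itoa36(rng_int()), sizeof(password));` and follow it with `if (sz >= sizeof(password))` leading to a log or error path. Separately, the default password is derived from `rng_int()`, which is defined outside this page; if that is a general-purpose PRNG rather than a cryptographic one, these passwords may be predictable, which is worth confirming. `read_newfactions` starts and ends outside the hunk, so the declaration and size of `password` are not visible here.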