Fix unbounded writes

src/configfile.c

@@ -408,13 +408,12 @@ static char *match_and_replace(const char *str, const char *pattern, char *devic
     assert(pattern != NULL);
     assert(device != NULL);
 
-    char *string = malloc(strlen(device) + PATH_MAX);
+    char *string = strndup(device, PATH_MAX);
     if (string == NULL)
     {
         tio_debug_printf("Failure allocating string memory\n");
         return NULL;
     }
-    strcpy(string, device);
 
     /* Find matches of pattern in str. For each match, replace any '%mN' in the
      * copy of the device string with the corresponding match subexpression and

src/fs.c

@@ -150,14 +150,7 @@ char* fs_search_directory(const char *dir_path, const char *dirname)
             // If it's a directory, check if it's the one we're looking for
             if (strcmp(entry->d_name, dirname) == 0)
             {
-                char* result = malloc(strlen(path) + 1);
+                char *result = strndup(path, PATH_MAX);
-                if (result == NULL)
-                {
-                    // Error allocating memory
-                    closedir(dir);
-                    return NULL;
-                }
-                strcpy(result, path);
                 closedir(dir);
                 return result;
             }

src/xymodem.c

@@ -688,7 +688,7 @@ int xymodem_send(int sio, const char *filename, modem_mode_t mode)
 
             rc = -1;
             if (strlen(filename) > 977) break; /* hdr block overrun */
-            p  = stpcpy(hdr, filename) + 1;
+            p  = stpncpy(hdr, filename, 1024) + 1;
             p += sprintf(p, "%ld %lo %o", len, stat.st_mtime, stat.st_mode);
 
             if (xmodem_1k(sio, hdr, p - hdr, 0) < 0) break; /* hdr with metadata */