From 58e12015a42a15251871421c0b826038e99b7582 Mon Sep 17 00:00:00 2001
From: Anthony Tuininga
Date: Tue, 7 Aug 2018 11:19:47 -0600
Subject: [PATCH] The strncat() method doesn't take into account the size of the existing string so make sure that has been addressed as well (https://github.com/oracle/odpi/issues/69).
---
 src/dpiOci.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/dpiOci.c b/src/dpiOci.c
index de6b615f..8a36327d 100644
--- a/src/dpiOci.c
+++ b/src/dpiOci.c
@@ -1426,7 +1426,8 @@ static int dpiOci__findAndCheckDllArchitecture(const char *dllName,
 temp = strrchr(fullName, '\\');
 if (temp) {
 *(temp + 1) = '\0';
- strncat(fullName, dllName, sizeof(fullName) - 1);
+ strncat(fullName, dllName,
+ sizeof(fullName) - strlen(fullName) - 1);
 if (dpiOci__checkDllArchitecture(fullName) == 0)
 found = 1;
 }
@@ -1434,8 +1435,8 @@ static int dpiOci__findAndCheckDllArchitecture(const char *dllName,
 // check current directory
 if (!found && GetCurrentDirectory(sizeof(fullName), fullName) != 0) {
- strncat(fullName, "\\", sizeof(fullName) - 1);
- strncat(fullName, dllName, sizeof(fullName) - 1);
+ temp = fullName + strlen(fullName);
+ snprintf(temp, sizeof(fullName) - strlen(fullName), "\\%s", dllName);
 if (dpiOci__checkDllArchitecture(fullName) == 0)
 found = 1;
 }
@@ -1552,7 +1553,8 @@ static void dpiOci__loadLibOnWindows(const char *dllName)
 temp = strrchr(moduleName, '\\');
 if (temp) {
 *(temp + 1) = '\0';
- strncat(moduleName, dllName, sizeof(moduleName) - 1);
+ strncat(moduleName, dllName,
+ sizeof(moduleName) - strlen(moduleName) - 1);
 dpiOciLibHandle = LoadLibrary(moduleName);
 }
 }
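Review bot: The corrected `strncat` bound in the first hunk, and the identical one in `dpiOci__loadLibOnWindows`, keeps the write inside the buffer but truncates silently when `dllName` does not fit. A shortened path then reaches `dpiOci__checkDllArchitecture` and, in the last hunk, `LoadLibrary(moduleName)`, where loading whatever file matches the truncated name is worse than not attempting the load. I would guard the append and the call that follows with a length test, e.g. `if (strlen(moduleName) + strlen(dllName) < sizeof(moduleName))`, and the same with `fullName` in the first hunk. Both functions start and end outside the hunks, so how the buffers are filled beforehand is not visible here.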
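Review bot: The context line `GetCurrentDirectory(sizeof(fullName), fullName) != 0` also accepts the case where the buffer is too small. The API then returns the required size, which is non-zero, and the buffer contents are not defined, so the new `strlen(fullName)` and `snprintf` calls would operate on unspecified data. Keep the return value in a local and require `len != 0 && len < sizeof(fullName)` before appending, still evaluated only when `!found`. The `snprintf` result is unchecked as well, so compare it with the remaining space and skip `dpiOci__checkDllArchitecture` when the name was cut short. The function body starts and ends outside the hunk.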