From bb5f2e4964ee8784469107ef3b97519da189673d Mon Sep 17 00:00:00 2001
From: PatR
Date: Sat, 7 May 2016 18:39:36 -0700
Subject: [PATCH] options bit I glanced over the options parsing looking for issues, and it seems that paranoid_confirm:long-string-of-junk might have been vulnerable. So this fixes that.
---
 src/options.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/options.c b/src/options.c
index bfcbba289..397c34a3a 100644
--- a/src/options.c
+++ b/src/options.c
@@ -2546,7 +2546,9 @@ boolean tinitial, tfrom_file;
 } else if ((op = string_for_opt(opts, TRUE)) != 0) {
 char *pp, buf[BUFSZ];
- op = mungspaces(strcpy(buf, op));
+ strncpy(buf, op, sizeof buf - 1);
+ buf[sizeof buf - 1] = '\0';
+ op = mungspaces(buf);
 for (;;) {
 /* We're looking to parse
 "paranoid_confirm:whichone wheretwo whothree"
@@ -3106,8 +3108,7 @@ boolean tinitial, tfrom_file;
 if ((op = string_for_opt(opts, FALSE)) != 0) {
 if (iflags.wc_tile_file)
 free(iflags.wc_tile_file);
- iflags.wc_tile_file = (char *) alloc(strlen(op) + 1);
- Strcpy(iflags.wc_tile_file, op);
+ iflags.wc_tile_file = dupstr(op);
 }
 return;
 }
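Review bot: The bounded copy at `strncpy(buf, op, sizeof buf - 1);` truncates an over-long paranoid_confirm value silently, so the `for (;;)` loop that follows parses a cut-off string and the user gets no sign that part of the option was dropped. A length check before the copy would make the rejection explicit, for example `if (strlen(op) >= sizeof buf) { /* report the bad option and return */ }`, leaving the copy for values that fit. If truncation is the intended behaviour, a comment above the copy such as `/* value longer than BUFSZ-1 is truncated; strcpy here could overrun buf */` would record why the two-line form is needed. The parsing loop and the enclosing function continue outside the hunk, so how a truncated final token is treated cannot be confirmed from here.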
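Review bot: The commit message describes only the paranoid_confirm copy, but the change to `iflags.wc_tile_file = dupstr(op);` is a separate cleanup: the removed lines sized the allocation from `strlen(op) + 1`, so they were not an overflow. Assuming `dupstr` allocates and copies the same way, behaviour is unchanged, and anyone backporting the security fix can treat this hunk as optional; a short mention in the commit text would make that clear. The enclosing function starts and ends outside the hunk.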