authorAndreas Schneider <asn@cryptomilk.org>2012-10-08 21:50:08 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-10-12 14:45:54 +0200
commitb1287cd946b40fd5b668378c5d7b4cc17dbc699d (patch)
tree2f6736c3e0bbfe21987e96ff017844fe2447828d /src/server.c
parenta660177a6e24527b97172d242a6e40f9c41fb6c1 (diff)
server: Use strncat instead of strcat.
This is just hardening the code. Found by Coverity.
Diffstat (limited to 'src/server.c')
-rw-r--r--src/server.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/server.c b/src/server.c
index 511d95b9..8db21b43 100644
--- a/src/server.c
+++ b/src/server.c
@@ -580,16 +580,24 @@ static int ssh_message_auth_reply_default(ssh_message msg,int partial) {
session->auth_methods = SSH_AUTH_METHOD_PUBLICKEY | SSH_AUTH_METHOD_PASSWORD;
}
if (session->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
- strcat(methods_c, "publickey,");
+ strncat(methods_c, "publickey,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) {
- strcat(methods_c, "keyboard-interactive,");
+ strncat(methods_c, "keyboard-interactive,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_PASSWORD) {
- strcat(methods_c, "password,");
+ strncat(methods_c, "password,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_HOSTBASED) {
- strcat(methods_c, "hostbased,");
+ strncat(methods_c, "hostbased,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
+ }
+
+ if (methods_c[0] == '\0' || strlen(methods_c) != ',') {
+ return SSH_ERROR;
}
/* Strip the comma. */
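Review bot: The new guard before the comma strip compares a length with a character: `strlen(methods_c) != ','` is true unless the string is exactly 44 bytes long, so it does not test whether the last byte is a comma. With the four method strings in this hunk (10, 21, 9 and 10 bytes) no combination adds up to 44, so if `methods_c` starts out empty (its declaration and initialisation are outside the hunk) this path returns `SSH_ERROR` on every call and the reply listing the allowed methods is never built. The condition should index the last byte, `if (methods_c[0] == '\0' || methods_c[strlen(methods_c) - 1] != ',') {`, which also keeps the empty-string test in front of the `- 1`. Separately, the `sizeof(methods_c) - strlen(methods_c) - 1` bound is only right if `methods_c` is a true array in this scope rather than a pointer, which is worth confirming because the function body starts and ends outside the hunk.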