commit 86be489f12669f3547fce77622fd609498037294
Author: Paul Crawford <paul@crawford-space.co.uk>
Date:   Mon Jun 8 17:36:41 2026 +0100

    Fix safe copy of socket path
    
    - strncpy should be given size of destination, not source length
    
    - enforce null termination even if too long

diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index 3e23d0bf..984e86f0 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -394,8 +394,10 @@ static offset_request_wrapper offset_request(const char *host, const char *port,
 		struct sockaddr_un unix_socket = {
 			.sun_family = AF_UNIX,
 		};
+		const size_t n = sizeof(unix_socket.sun_path);
 
-		strncpy(unix_socket.sun_path, host, strlen(host));
+		strncpy(unix_socket.sun_path, host, n);
+		unix_socket.sun_path[n - 1] = 0; /* NULL terminate always. */
 
 		if (connect(socklist[0], &unix_socket, sizeof(unix_socket))) {
 			/* don't die here, because it is enough if there is one server