uss: Replace strcat with safer method

The grammar.y file uses a series of strcat's to build the accesslist
from the parsed tokens.  There is no checking to see if the result
exceeds the size of the output buffer.

Replace the strcpy/strcat's with a simple snprintf that concatenates
the tokens, and check to see if the snprintf failed.

If there was an error concatenating the tokens, emit a message.

NOTE: With --enable-checking a build error occurs on an Ubuntu 24.04
system, where the default _FORTIFY_SOURCE is set to 3 (hardened).  The
build produces the following:
    ...
    inlined from ‘yyparse’ at ./grammar.y:130:26:
    /usr/include/.../string_fortified.h:130:10: error: ‘__builtin___strcat_chk’ writing 2 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
    130 | return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
    ...(repeated for the other uses of strcat)...

The build error can be duplicated by setting _FORTIFY_SOURCE to 3.

Change-Id: I97e8a562f12d2a9f60a31d3b5a6f77a8458e7275
Reviewed-on: https://gerrit.openafs.org/15845
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Cheyenne Wills 2024-09-12 10:05:55 -06:00 committed by Andrew Deason
parent 7dc8a7ddc2
commit 00b31c7bae

@ -123,12 +123,20 @@ entry : DIR_TKN
accesslist : /* empty */
{strcpy($$," ");}
{
if (strlcpy($$, " ", sizeof($$)) >= sizeof($$)) {
uss_procs_PrintErr(line-1, "Internal error, incorrect size for accesslist buffer\n");
exit(1);
}
}
| STRING_TKN
STRING_TKN
accesslist
{strcat($1," "); strcat($2," ");strcat($1,strcat($2,$3));strcpy($$,$1);}
{
if (snprintf($$, sizeof($$), "%s %s %s", $1, $2, $3) >= sizeof($$)) {
uss_procs_PrintErr(line-1, " error in access list near \"%s\"\n", yylval.strval);
}
}
;
%%
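
Review bot: In the STRING_TKN STRING_TKN accesslist action, the truncation branch only calls uss_procs_PrintErr and then falls through, so $$ still holds a silently shortened access list. The empty-accesslist action above it calls exit(1) on failure. Unless uss_procs_PrintErr itself marks the run as failed (not visible in this hunk), a truncated ACL string could be applied as if it were complete. Consider ending the branch with YYERROR or exit(1) so the two actions behave the same way. Separately, snprintf returns int while sizeof($$) is size_t. A negative return only reaches the error branch through the implicit conversion to unsigned, and the comparison may warn under -Wsign-compare. Storing the result in an int and testing n < 0 || (size_t)n >= sizeof($$) makes both failure cases explicit.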