diff -up mutt-1.10.1/imap/auth_gss.c.mutt-1.9.3-1_coverity_88_89 mutt-1.10.1/imap/auth_gss.c
--- mutt-1.10.1/imap/auth_gss.c.mutt-1.9.3-1_coverity_88_89	2018-10-25 15:32:18.258644709 +0200
+++ mutt-1.10.1/imap/auth_gss.c	2018-10-25 15:33:10.744412689 +0200
@@ -71,7 +71,7 @@ static void print_gss_error(OM_uint32 er
                 status_len = status_string.length;
                 if (status_len >= sizeof(buf_maj))
                         status_len = sizeof(buf_maj) - 1;
-		strncpy(buf_maj, (char*) status_string.value, status_len);
+		strfcpy(buf_maj, (char*) status_string.value, status_len);
                 buf_maj[status_len] = '\0';
 		gss_release_buffer(&min_stat, &status_string);
 		
@@ -86,7 +86,7 @@ static void print_gss_error(OM_uint32 er
                         status_len = status_string.length;
                         if (status_len >= sizeof(buf_min))
                                 status_len = sizeof(buf_min) - 1;
-			strncpy(buf_min, (char*) status_string.value, status_len);
+			strfcpy(buf_min, (char*) status_string.value, status_len);
                         buf_min[status_len] = '\0';
 			gss_release_buffer(&min_stat, &status_string);
 		}
@@ -273,7 +273,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA
   memcpy (buf1, &buf_size, 4);
   buf1[0] = GSS_AUTH_P_NONE;
   /* server decides if principal can log in as user */
-  strncpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4);
+  strfcpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4);
   request_buf.value = buf1;
   request_buf.length = 4 + strlen (idata->conn->account.user);
   maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,