create_tempfile: pass pointer to full pathname to strlcat()

Fixes a potential buffer overrun.  Also check strlcpy() and strlcat()
return value to detect truncations.  Based on a diff from naddy@.
OK naddy@ tb@ deraadt@

usr.bin/xinstall/xinstall.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: xinstall.c,v 1.77 2022/12/04 23:50:50 cheloha Exp $	*/
+/*	$OpenBSD: xinstall.c,v 1.78 2024/10/17 15:38:38 millert Exp $	*/
 /*	$NetBSD: xinstall.c,v 1.9 1995/12/20 10:25:17 jonathan Exp $	*/
 
 /*
@@ -621,13 +621,19 @@ create_tempfile(char *path, char *temp, size_t tsize)
 {
 	char *p;
 
-	strlcpy(temp, path, tsize);
+	if (strlcpy(temp, path, tsize) >= tsize) {
+		errno = ENAMETOOLONG;
+		return(-1);
+	}
 	if ((p = strrchr(temp, '/')) != NULL)
 		p++;
 	else
 		p = temp;
 	*p = '\0';
-	strlcat(p, "INS@XXXXXXXXXX", tsize);
+	if (strlcat(temp, "INS@XXXXXXXXXX", tsize) >= tsize) {
+		errno = ENAMETOOLONG;
+		return(-1);
+	}
 
 	return(mkstemp(temp));
 }