Fix strncat usage

The 'strncat' function may write up to n + 1 bytes into destination, so the 'n' parameter must be sizeof(dest) - strlen(dest) - 1. See [1] for a nice explanation from US CERT.

[1] https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strncpy-and-strncat