The function strncat is used 29 times at present, and appears to be subject to a widespread misunderstanding. The function does NOT limit the length of the result to the value of the final parameter. It limits the number of characters added to the value of the final parameter. So, a safe use of strncat would be:
strncat(str1, str2, sizeof(str1) - sizeof(str2) - 1);
I am not recommending that exact construction, simply giving it as an illustration of correct use of the size limit in strncat.