Report
tar: heap buffer overflow risk from unchecked strcpy/strcat when building global header name from [REDACTED]
24db481c-eb5f-4e86-a425-5f05644db262
In [REDACTED], xheader_ghdr_name() builds globexthdr_name by concatenating [REDACTED] (read from the environment with getenv) and a static template, using strcpy followed by strcat. The heap allocation is sized as strlen(tmp) + strlen(template) + 1. strcpy and strcat perform no bounds checking of their own, so the copies fit only as long as that arithmetic is correct and the strings copied are the same ones that were measured: any later change to either string, or a wrap in the length addition, would turn the pattern into a heap overflow. As written, the size is derived from the same two strings that are copied, so an overrun would require the size_t addition itself to wrap, which in turn would require an environment value of nearly SIZE_MAX bytes. The concern is therefore the construction rather than a demonstrated overrun: [REDACTED] is taken from the environment, so the function copies input the process does not control into a buffer whose bound is implicit, and flawfinder flags the construction as [REDACTED].
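To make the pattern concrete, the following is a constructed C example added here (it is not tar's code and does not reproduce xheader_ghdr_name) showing the strcpy/strcat construction described above beside a variant that makes the length arithmetic explicit, checks it for wrap, and caps the environment-supplied part. The template string, the MAX_DIR_LEN cap, and the function names are placeholders chosen for the example; the directory value is passed in as a parameter rather than read from a named environment variable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Placeholder standing in for the static template the report mentions.
   It is a constant, so its length is known at the time the buffer is sized. */
#define EXAMPLE_TEMPLATE "/GlobalHead.%p.%n"

/* Cap on the environment-supplied part (assumption for this example). */
#define MAX_DIR_LEN 4096

/* Pattern as described in the report: allocation sized from strlen() of both
   parts, then strcpy/strcat with no explicit bound. It is correct only because
   the copies use exactly the strings that were measured. */
char *build_name_strcat(const char *dir)
{
    size_t len = strlen(dir) + strlen(EXAMPLE_TEMPLATE) + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    strcpy(buf, dir);
    strcat(buf, EXAMPLE_TEMPLATE);
    return buf;
}

/* Hardened form: lengths computed once, wrap checked, the untrusted part
   capped, and bounded memcpy calls whose sizes are tied to the allocation. */
char *build_name_checked(const char *dir)
{
    size_t dlen = strlen(dir);
    size_t tlen = strlen(EXAMPLE_TEMPLATE);

    if (dlen > MAX_DIR_LEN)          /* reject absurd environment input */
        return NULL;
    if (dlen > SIZE_MAX - tlen - 1)  /* size_t wrap guard */
        return NULL;

    size_t len = dlen + tlen + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    memcpy(buf, dir, dlen);
    memcpy(buf + dlen, EXAMPLE_TEMPLATE, tlen);
    buf[dlen + tlen] = '\0';
    return buf;
}

/* Returns 1 when both builders produce the same string of the expected
   length, i.e. the strcpy/strcat version stayed within its allocation. */
int names_match(const char *dir)
{
    char *a = build_name_strcat(dir);
    char *b = build_name_checked(dir);
    int ok = a && b && strcmp(a, b) == 0
             && strlen(a) == strlen(dir) + strlen(EXAMPLE_TEMPLATE);
    free(a);
    free(b);
    return ok;
}

/* Returns 1 when build_name_checked rejects a directory string of n bytes. */
int rejects_oversize(size_t n)
{
    char *dir = malloc(n + 1);
    if (!dir)
        return 0;
    memset(dir, 'a', n);
    dir[n] = '\0';
    char *r = build_name_checked(dir);
    int rejected = (r == NULL);
    free(r);
    free(dir);
    return rejected;
}

int main(void)
{
    const char *sample = "/tmp";  /* constructed input, not read from the environment */
    char *name = build_name_checked(sample);
    printf("%s -> %s (match=%d, oversize rejected=%d)\n", sample,
           name ? name : "(null)", names_match(sample),
           rejects_oversize(MAX_DIR_LEN + 1));
    free(name);
    return 0;
}
```

The memcpy form does not change the buffer size; its value is that every copy length is visible at the call site and tied to the allocation, so a later edit to the template or to the input handling cannot silently desynchronise the measured and copied lengths the way a strcpy/strcat pair can.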