From 1b8ec51013a4045fa8c44d49ed9000356a6625ac Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/readproc.c: Harden simple_nextpid().

Replace memcpy+strcpy with snprintf.
---
 proc/readproc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/proc/readproc.c b/proc/readproc.c
index 18644ffb..aaa8a29c 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -1224,8 +1224,7 @@ static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p)
   }
   p->tgid = strtoul(ent->d_name, NULL, 10);
   p->tid = p->tgid;
-  memcpy(path, "/proc/", 6);
-  strcpy(path+6, ent->d_name);  // trust /proc to not contain evil top-level entries
+  snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
   return 1;
 }