From 1d9ddb615aa18aa16b1a6888571fa23088bb6ea7 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] ps/output.c: Replace strcpy() with snprintf() in show_one_proc().

This strcpy() should normally not overflow outbuf, but names can be overridden (via -o). Also, check "amount" in all cases.
---
 ps/output.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ps/output.c b/ps/output.c
index e5e29243..f375441e 100644
--- a/ps/output.c
+++ b/ps/output.c
@@ -2043,7 +2043,10 @@ void show_one_proc(const proc_t *restrict const p, const format_node *restrict f
 /* prepare data and calculate leftpad */
 if(likely(p) && likely(fmt->pr)) amount = (*fmt->pr)(outbuf,p);
- else amount = strlen(strcpy(outbuf, fmt->name)); /* AIX or headers */
+ else amount = snprintf(outbuf, OUTBUF_SIZE, "%s", fmt->name); /* AIX or headers */
+
+ if(amount < 0) outbuf[amount = 0] = '\0';
+ else if(amount >= OUTBUF_SIZE) outbuf[amount = OUTBUF_SIZE-1] = '\0';
 switch((fmt->flags) & CF_JUST_MASK){
 case 0: /* for AIX, assigned outside this file */