From c03e52786dd74c188c92e2156c2c75088d247096 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0078-proc/readproc.c: Harden simple_nextpid().

Replace memcpy+strcpy with snprintf.

----------------------------
adapted for newlib branch . adapted via 'patch' (without rejections)

Signed-off-by: Jim Warner
---
 proc/readproc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/proc/readproc.c b/proc/readproc.c
index 80fa212c..0b88242a 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -1228,8 +1228,7 @@ static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p)
 }
 p->tgid = strtoul(ent->d_name, NULL, 10);
 p->tid = p->tgid;
-memcpy(path, "/proc/", 6);
-strcpy(path+6, ent->d_name); // trust /proc to not contain evil top-level entries
+snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
 return 1;
 }
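Review bot: The new snprintf() line bounds the write but its return value is discarded, so a d_name that does not fit in PROCPATHLEN bytes after "/proc/" is silently truncated and the function still returns 1 with p->tgid already set from the full name, leaving the caller with a path that names a different (or nonexistent) /proc entry than the pid it reports. Capture the length and reject the entry on truncation, e.g. `int len = snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);` followed by `if (len < 0 || len >= PROCPATHLEN) { /* treat as invalid entry; see how the loop above handles bad names */ }`, with the exact recovery (skip to the next directory entry or return the failure value) chosen to match simple_nextpid's existing error path, which starts outside this hunk. It is also worth confirming that `path` really is a PROCPATHLEN-sized array here; if it is, `sizeof path` ties the bound to the buffer rather than to a macro that could drift. The old comment about trusting /proc's top-level entries was dropped with the strcpy; a one-line note that the bound, not trust in /proc, is now what protects the buffer would help the next reader.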