From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: proc/readproc.c: Harden simple_nextpid().
X-Git-Tag: v3.3.15~64
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1b8ec51013a4045fa8c44d49ed9000356a6625ac;p=procps-ng
proc/readproc.c: Harden simple_nextpid().
Replace memcpy+strcpy with snprintf.
---
diff --git a/proc/readproc.c b/proc/readproc.c
index 18644ffb..aaa8a29c 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -1224,8 +1224,7 @@ static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p)
 }
 p->tgid = strtoul(ent->d_name, NULL, 10);
 p->tid = p->tgid;
- memcpy(path, "/proc/", 6);
- strcpy(path+6, ent->d_name); // trust /proc to not contain evil top-level entries
+ snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
 return 1;
 }
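Review bot: The return value of the new `snprintf()` call is discarded, so an over-long `ent->d_name` no longer overflows `path` but is silently truncated, leaving a path that may name a different /proc entry than the `tgid` parsed two lines above. Consider `int n = snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);` followed by `if (n < 0 || n >= PROCPATHLEN) return 0;`. Whether to stop or skip the entry depends on the readdir loop, which starts outside the hunk. The bound also assumes the buffer behind `path` holds at least PROCPATHLEN bytes; its declaration is not visible here, so a one-line comment such as `/* path is PROCPATHLEN bytes; names that do not fit are rejected */` would replace the trust note that the removed `strcpy` line carried.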