From 6534ff13cd1e0b181f079e675c92dba15b604a5f Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 23 Aug 2019 16:14:19 +0200
Subject: [PATCH] Avoid strncat use in proc_open

Instead manually manage the insertion position.
---
 ext/standard/proc_open.c | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 82662dfa27..256f6a892b 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -75,7 +75,7 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 	char **ep;
 #endif
 	char *p;
-	size_t cnt, l, sizeenv = 0;
+	size_t cnt, sizeenv = 0;
 	HashTable *env_hash;
 
 	memset(&env, 0, sizeof(env));
@@ -122,25 +122,20 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 	p = env.envp = (char *) pecalloc(sizeenv + 4, 1, is_persistent);
 
 	ZEND_HASH_FOREACH_STR_KEY_PTR(env_hash, key, str) {
-		if (key) {
-			l = ZSTR_LEN(key) + ZSTR_LEN(str) + 2;
-			memcpy(p, ZSTR_VAL(key), ZSTR_LEN(key));
-			strncat(p, "=", 1);
-			strncat(p, ZSTR_VAL(str), ZSTR_LEN(str));
-
-#ifndef PHP_WIN32
-			*ep = p;
-			++ep;
-#endif
-			p += l;
-		} else {
-			memcpy(p, ZSTR_VAL(str), ZSTR_LEN(str));
 #ifndef PHP_WIN32
-			*ep = p;
-			++ep;
+		*ep = p;
+		++ep;
 #endif
-			p += ZSTR_LEN(str) + 1;
+
+		if (key) {
+			memcpy(p, ZSTR_VAL(key), ZSTR_LEN(key));
+			p += ZSTR_LEN(key);
+			*p++ = '=';
 		}
+
+		memcpy(p, ZSTR_VAL(str), ZSTR_LEN(str));
+		p += ZSTR_LEN(str);
+		*p++ = '\0';
 		zend_string_release_ex(str, 0);
 	} ZEND_HASH_FOREACH_END();
 
-- 
2.50.1