hurd: Fix strcpy calls

strcpy cannot be used with overlapping buffer, we have to use memmove
instead. strcpy also cannot be safely used when the destination buffer
is smaller that the source, we need to use strncpy to truncate the
source if needed.

diff --git a/hurd/lookup-retry.c b/hurd/lookup-retry.c
index 6d8b05e4e685ffee3a9c64e4afdec282c674ffb2..348549e334de24e1770ce710c27786a5d229bad2 100644 (file)
--- a/hurd/lookup-retry.c
+++ b/hurd/lookup-retry.c
@@ -292,7 +292,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
                  if (p < retryname)
                    abort ();   /* XXX write this right if this ever happens */
                  if (p > retryname)
-                   strcpy (retryname, p);
+                   memmove (retryname, p, strlen(p) + 1);
                  startdir = *result;
                }
              else
@@ -326,7 +326,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
                  case '/':
                    if (err = opentty (&startdir))
                      goto out;
-                   strcpy (retryname, &retryname[4]);
+                   memmove (retryname, &retryname[4], strlen(retryname + 4) + 1);
                    break;
                  default:
                    goto bad_magic;
@@ -344,7 +344,8 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
                  p = _itoa (__getpid (), &buf[sizeof buf], 10, 0);
                  len = &buf[sizeof buf] - p;
                  memcpy (buf, p, len);
-                 strcpy (buf + len, &retryname[3]);
+                 strncpy (buf + len, &retryname[3], sizeof buf - len - 1);
+                 buf[sizeof buf - 1] = '\0';
                  strcpy (retryname, buf);
 
                  /* Do a normal retry on the remaining components.  */