From: Samuel Thibault
Date: Sun, 22 Nov 2020 23:15:36 +0000 (+0000)
Subject: hurd: Fix strcpy calls
X-Git-Tag: glibc-2.33~283
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee11682d4f530cbbd29b9e3aa69e8d7f8c269d1c;p=thirdparty%2Fglibc.git
hurd: Fix strcpy calls
strcpy cannot be used with overlapping buffer, we have to use memmove instead. strcpy also cannot be safely used when the destination buffer is smaller that the source, we need to use strncpy to truncate the source if needed.
---
diff --git a/hurd/lookup-retry.c b/hurd/lookup-retry.c
index 6d8b05e4e68..348549e334d 100644
--- a/hurd/lookup-retry.c
+++ b/hurd/lookup-retry.c
@@ -292,7 +292,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 if (p < retryname)
 abort (); /* XXX write this right if this ever happens */
 if (p > retryname)
- strcpy (retryname, p);
+ memmove (retryname, p, strlen(p) + 1);
 startdir = *result;
 }
 else
@@ -326,7 +326,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 case '/':
 if (err = opentty (&startdir))
 goto out;
- strcpy (retryname, &retryname[4]);
+ memmove (retryname, &retryname[4], strlen(retryname + 4) + 1);
 break;
 default:
 goto bad_magic;
@@ -344,7 +344,8 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 p = _itoa (__getpid (), &buf[sizeof buf], 10, 0);
 len = &buf[sizeof buf] - p;
 memcpy (buf, p, len);
- strcpy (buf + len, &retryname[3]);
+ strncpy (buf + len, &retryname[3], sizeof buf - len - 1);
+ buf[sizeof buf - 1] = '\0';
 strcpy (retryname, buf);
 /* Do a normal retry on the remaining components. */
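Review bot: The added `memmove (retryname, p, strlen(p) + 1);` drops the space before the call parenthesis that the neighbouring lines keep (`abort ()`, `strcpy (retryname, p)`); write it as `memmove (retryname, p, strlen (p) + 1);`. The second hunk has the same slip in `strlen(retryname + 4)` and also spells one address two ways within a single call (`&retryname[4]` and `retryname + 4`). Because the overlap is the whole reason for the change, a one-line comment above each call, e.g. `/* Source and destination overlap; strcpy would be undefined here.  */`, would keep a later cleanup from turning it back into strcpy. The enclosing function starts and ends outside both hunks.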
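Review bot: Truncating at `strncpy (buf + len, &retryname[3], sizeof buf - len - 1);` lets the lookup continue with a shortened name, so an over-long retry path can resolve to a different node than the one requested instead of failing. Rejecting the name is safer than cutting it, for example `if (strlen (&retryname[3]) >= sizeof buf - len) { err = ENAMETOOLONG; goto out; }` before the copy, assuming the `err`/`out` pattern visible in the previous hunk is the right cleanup at this point. The unchanged `strcpy (retryname, buf);` that follows is bounded only if `retryname` holds at least `sizeof buf` bytes; both declarations are outside the hunk, so that relationship should be confirmed or made explicit with a sized copy. The function body begins and ends outside this hunk.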