authorSamuel Thibault <samuel.thibault@ens-lyon.org>2020-11-22 23:15:36 +0000
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2020-11-22 23:15:36 +0000
commitee11682d4f530cbbd29b9e3aa69e8d7f8c269d1c (patch)
tree4cfa4deb01edc57c4f6ba1f6fe21297615ee6dfa
parentae959c26db5d11bcda0335ea72b696a28e1b6e3a (diff)
downloadglibc-ee11682d4f530cbbd29b9e3aa69e8d7f8c269d1c.tar.gz
glibc-ee11682d4f530cbbd29b9e3aa69e8d7f8c269d1c.tar.xz
glibc-ee11682d4f530cbbd29b9e3aa69e8d7f8c269d1c.zip
hurd: Fix strcpy calls
strcpy cannot be used with overlapping buffers; we have to use memmove
instead. strcpy also cannot be safely used when the destination buffer
is smaller than the source; we need to use strncpy to truncate the
source if needed.
-rw-r--r--hurd/lookup-retry.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/hurd/lookup-retry.c b/hurd/lookup-retry.c
index 6d8b05e4e6..348549e334 100644
--- a/hurd/lookup-retry.c
+++ b/hurd/lookup-retry.c
@@ -292,7 +292,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 		  if (p < retryname)
 		    abort ();	/* XXX write this right if this ever happens */
 		  if (p > retryname)
-		    strcpy (retryname, p);
+		    memmove (retryname, p, strlen(p) + 1);
 		  startdir = *result;
 		}
 	      else
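Review bot: The new `memmove` call carries no comment saying that source and destination overlap inside `retryname`, so a later cleanup could turn it back into `strcpy`; the same applies to the `memmove` in the second hunk (the `case '/':` branch). I would add `/* retryname and p overlap, so strcpy is undefined here; keep memmove.  */` above each call. Both new lines also write `strlen(` without the space that the surrounding code uses before the parenthesis (`strcpy (`, `abort ()`), and the second hunk mixes `&retryname[4]` with `retryname + 4` in one call; `memmove (retryname, p, strlen (p) + 1);` would match the file. The enclosing function starts and ends outside the hunk.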
@@ -326,7 +326,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 		  case '/':
 		    if (err = opentty (&startdir))
 		      goto out;
-		    strcpy (retryname, &retryname[4]);
+		    memmove (retryname, &retryname[4], strlen(retryname + 4) + 1);
 		    break;
 		  default:
 		    goto bad_magic;
@@ -344,7 +344,8 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port)
 		  p = _itoa (__getpid (), &buf[sizeof buf], 10, 0);
 		  len = &buf[sizeof buf] - p;
 		  memcpy (buf, p, len);
-		  strcpy (buf + len, &retryname[3]);
+		  strncpy (buf + len, &retryname[3], sizeof buf - len - 1);
+		  buf[sizeof buf - 1] = '\0';
 		  strcpy (retryname, buf);
 
 		  /* Do a normal retry on the remaining components.  */
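Review bot: The added `strncpy` silently truncates the rest of the name when it does not fit in `buf`, so the retry that follows appears to proceed on a shortened path that may name a different file than the caller asked for. Rejecting the over-long name is safer than truncating it, for example `if (strlen (&retryname[3]) >= sizeof buf - len) { err = ENAMETOOLONG; goto out; }` before the copy, assuming the `out` label used elsewhere in this function is the right cleanup path here. The unchanged `strcpy (retryname, buf);` on the next line is only safe if `retryname` is at least as large as `buf`; neither declaration is visible in the hunk, so that should be confirmed or the copy bounded as well. `strncpy` also zero-fills the whole remainder of `buf` on every call, which a length check followed by `memcpy` would avoid.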