Fix buffer overrun in gcore(1) NT_PRPSINFO

Use size of destination buffer, rather than a constant that may or may not
correspond to the source buffer, to restrict the length of copied strings.  In
particular, pr_fname has 16+1 characters but MAXCOMLEN is 18+1.

Use strlcpy instead of strncpy to ensure the result is nul-terminated.  This
seems to be what is expected of these fields.

Reported by:	Coverity
CIDs:		1011302, 1011378
Sponsored by:	EMC / Isilon Storage Division

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.bin/gcore/elfcore.c b/usr.bin/gcore/elfcore.c
index 2d1acb8..c96e3ae 100644
--- a/usr.bin/gcore/elfcore.c
+++ b/usr.bin/gcore/elfcore.c
@@ -560,8 +560,8 @@ elf_note_prpsinfo(void *arg, size_t *sizep)
 		err(1, "kern.proc.pid.%u", pid);
 	if (kip.ki_pid != pid)
 		err(1, "kern.proc.pid.%u", pid);
-	strncpy(psinfo->pr_fname, kip.ki_comm, MAXCOMLEN);
-	strncpy(psinfo->pr_psargs, psinfo->pr_fname, PRARGSZ);
+	strlcpy(psinfo->pr_fname, kip.ki_comm, sizeof(psinfo->pr_fname));
+	strlcpy(psinfo->pr_psargs, psinfo->pr_fname, sizeof(psinfo->pr_psargs));
 
 	*sizep = sizeof(*psinfo);
 	return (psinfo);