File thttpd-2.25b-strcpy.patch of Package thttpd

--- libhttpd.c
+++ libhttpd.c
@@ -294,7 +294,8 @@
 	    }
 	/* Nuke any leading slashes in the cgi pattern. */
 	while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
-	    (void) strcpy( cp + 1, cp + 2 );
+	    /* -2 for the offset, +1 for the '\0' */
+	    (void) memmove( cp + 1, cp + 2, strlen( cp ) - 1 );
 	}
     hs->cgi_limit = cgi_limit;
     hs->cgi_count = 0;
@@ -1496,7 +1497,8 @@
 	/* Remove any leading slashes. */
 	while ( rest[0] == '/' )
 	    {
-	    (void) strcpy( rest, &(rest[1]) );
+	    /*One more for '\0', one less for the eaten first*/
+	    (void) memmove( rest, &(rest[1]), strlen(rest) );
 	    --restlen;
 	    }
     r = rest;
@@ -2333,8 +2335,8 @@
 		 hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
 	    {
 	    /* Elide the current directory. */
-	    (void) strcpy(
-		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
+	    (void) memmove(
+		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )], strlen(hc->expnfilename) - strlen( hc->hs->cwd ) + 1 );
 	    }
 #ifdef TILDE_MAP_2
 	else if ( hc->altdir[0] != '\0' &&
@@ -2405,15 +2407,15 @@
 
     /* Remove leading ./ and any /./ sequences. */
     while ( strncmp( file, "./", 2 ) == 0 )
-	(void) strcpy( file, file + 2 );
+	(void) memmove( file, file + 2, strlen( file ) - 1 );
     while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
-	(void) strcpy( cp, cp + 2 );
+	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
 
     /* Alternate between removing leading ../ and removing xxx/../ */
     for (;;)
 	{
 	while ( strncmp( file, "../", 3 ) == 0 )
-	    (void) strcpy( file, file + 3 );
+	    (void) memmove( file, file + 3, strlen( file ) - 2 );
 	cp = strstr( file, "/../" );
 	if ( cp == (char*) 0 )
 	    break;
@@ -4083,7 +4085,7 @@
 	}
     else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
 	/* Elide IPv6ish prefix for IPv4 addresses. */
-	(void) strcpy( str, &str[7] );
+	(void) memmove( str, &str[7], strlen( str ) - 6 );
 
     return str;
 
--- thttpd.c
+++ thttpd.c
@@ -573,7 +573,7 @@
 	    {
 	    if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 )
 		{
-		(void) strcpy( logfile, &logfile[strlen( cwd ) - 1] );
+		(void) memmove( logfile, &logfile[strlen( cwd ) - 1], strlen(logfile) - (strlen( cwd ) - 1) + 1 );
 		/* (We already guaranteed that cwd ends with a slash, so leaving
 		** that slash in logfile makes it an absolute pathname within
 		** the chroot tree.)
@@ -1422,9 +1422,9 @@
 
 	/* Nuke any leading slashes in pattern. */
 	if ( pattern[0] == '/' )
-	    (void) strcpy( pattern, &pattern[1] );
+	    (void) memmove( pattern, &pattern[1], strlen(pattern) );
 	while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 )
-	    (void) strcpy( cp + 1, cp + 2 );
+	    (void) memmove( cp + 1, cp + 2, strlen(cp) - 1 );
 
 	/* Check for room in throttles. */
 	if ( numthrottles >= maxthrottles )