From 2da5d8b246b806bee6f74b575217ec3b61a25548 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Thu, 23 Dec 2021 13:30:44 +0000
Subject: [PATCH] Improved njs_ftw().

Replacing strcpy() with memcpy() as the former is considered
insecure.

Found by Clang static analyzer.
---
 external/njs_fs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external/njs_fs.c b/external/njs_fs.c
index e76ac154..d0cd4bf9 100644
--- a/external/njs_fs.c
+++ b/external/njs_fs.c
@@ -2153,7 +2153,7 @@ njs_ftw(char *path, njs_file_tree_walk_cb_t cb, int fd_limit,
             }
 
             path[base] = '/';
-            strcpy(path + base + 1, d_name);
+            memcpy(&path[base + 1], d_name, length + sizeof("\0"));
 
             if (fd_limit != 0) {
                 ret = njs_ftw(path, cb, fd_limit - 1, flags, &trace);
-- 
2.47.3