diff --git a/ChangeLog b/ChangeLog
index 49bcd10abc..0b7a920673 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-12-18 Joseph Myers
+
+ [BZ #22446]
+ * nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
+ buffers for readlink input and output.
+
 2017-12-15 Steve Ellcey
 * nscd/dbg_log.c (dbg_log): Increase msg buffer size.
diff --git a/NEWS b/NEWS
index fecdbdf103..f6c9a1412c 100644
--- a/NEWS
+++ b/NEWS
@@ -127,6 +127,7 @@ The following bugs are resolved with this release:
 [22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426)
 [22377] Provide a C++ version of iseqsig
 [22442] if_nametoindex: Check length of ifname before copying it
+ [22446] Fix nscd readlink argument aliasing
 [22447] Avoid use of strlen in getlogin_r
 [22463] Fix p_secstodate overflow handling
 [22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice
diff --git a/nscd/connections.c b/nscd/connections.c
index cc1ed72077..dab722dcb2 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1077,14 +1077,15 @@ cannot handle old request version %d; current version is %d"),
 if (debug_level > 0)
 {
 #ifdef SO_PEERCRED
+ char pbuf[sizeof ("/proc//exe") + 3 * sizeof (long int)];
 # ifdef PATH_MAX
 char buf[PATH_MAX];
 # else
 char buf[4096];
 # endif
- snprintf (buf, sizeof (buf), "/proc/%ld/exe", (long int) pid);
- ssize_t n = readlink (buf, buf, sizeof (buf) - 1);
+ snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid);
+ ssize_t n = readlink (pbuf, buf, sizeof (buf) - 1);
 if (n <= 0)
 dbg_log (_("\
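Review bot: The new `pbuf` declaration at the top of the SO_PEERCRED block in nscd/connections.c carries no comment saying why the path gets its own buffer, so a later cleanup could merge it back into `buf` and bring back the aliasing this commit removes. POSIX declares both pointer parameters of readlink() `restrict`, so the path and the output buffer must not overlap. I would add `/* Path buffer kept separate from buf: readlink's path and output arguments must not alias.  3 * sizeof (long int) bounds the decimal digits and sign of the pid.  */` above the declaration. handle_request starts and ends outside this hunk, so the NUL-termination of `buf` after the call is not visible here and is only assumed to follow the `n <= 0` check.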