chsh: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
2023-06-08 20:46:09 +02:00
committed by Iker Pedrosa
parent 8e33195c8e
commit 2ffc1a76f5
+3 -2
View File
@@ -31,6 +31,7 @@
/*@-exitarg@*/
#include "exitcodes.h"
#include "shadowlog.h"
#include "strlcpy.h"
#ifndef SHELLS_FILE
#define SHELLS_FILE "/etc/shells"
@@ -257,7 +258,7 @@ static void process_flags (int argc, char **argv)
break;
case 's':
sflg = true;
STRFCPY (loginsh, optarg);
STRLCPY(loginsh, optarg);
break;
default:
usage (E_USAGE);
@@ -552,7 +553,7 @@ int main (int argc, char **argv)
* file, or use the value from the command line.
*/
if (!sflg) {
STRFCPY (loginsh, pw->pw_shell);
STRLCPY(loginsh, pw->pw_shell);
}
/*