chsh: Replace STRFCPY() by STRLCPY()
The variables are only being read as strings (char *), so data after the '\0' can't be leaked. Cc: Christian Göttsche <cgzones@googlemail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
committed by
Iker Pedrosa
parent
8e33195c8e
commit
2ffc1a76f5
+3
-2
@@ -31,6 +31,7 @@
|
||||
/*@-exitarg@*/
|
||||
#include "exitcodes.h"
|
||||
#include "shadowlog.h"
|
||||
#include "strlcpy.h"
|
||||
|
||||
#ifndef SHELLS_FILE
|
||||
#define SHELLS_FILE "/etc/shells"
|
||||
@@ -257,7 +258,7 @@ static void process_flags (int argc, char **argv)
|
||||
break;
|
||||
case 's':
|
||||
sflg = true;
|
||||
STRFCPY (loginsh, optarg);
|
||||
STRLCPY(loginsh, optarg);
|
||||
break;
|
||||
default:
|
||||
usage (E_USAGE);
|
||||
@@ -552,7 +553,7 @@ int main (int argc, char **argv)
|
||||
* file, or use the value from the command line.
|
||||
*/
|
||||
if (!sflg) {
|
||||
STRFCPY (loginsh, pw->pw_shell);
|
||||
STRLCPY(loginsh, pw->pw_shell);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user