sulogin: Replace STRFCPY() by STRLCPY()
The variable is only being read as a string (char *), so data after the '\0' can't be leaked. Cc: Christian Göttsche <cgzones@googlemail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
committed by
Iker Pedrosa
parent
2ffc1a76f5
commit
3e0913f119
+2
-1
@@ -24,6 +24,7 @@
|
||||
/*@-exitarg@*/
|
||||
#include "exitcodes.h"
|
||||
#include "shadowlog.h"
|
||||
#include "strlcpy.h"
|
||||
|
||||
/*
|
||||
* Global variables
|
||||
@@ -157,7 +158,7 @@ static void catch_signals (unused int sig)
|
||||
#endif
|
||||
exit (0);
|
||||
}
|
||||
STRFCPY (pass, cp);
|
||||
STRLCPY(pass, cp);
|
||||
erase_pass (cp);
|
||||
|
||||
if (valid (pass, &pwent)) { /* check encrypted passwords ... */
|
||||
|
||||
Reference in New Issue
Block a user