sulogin: Replace STRFCPY() by STRLCPY()

The variable is only being read as a string (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
2023-07-29 17:28:23 +02:00
committed by Iker Pedrosa
parent 2ffc1a76f5
commit 3e0913f119
+2 -1
View File
@@ -24,6 +24,7 @@
/*@-exitarg@*/
#include "exitcodes.h"
#include "shadowlog.h"
#include "strlcpy.h"
/*
* Global variables
@@ -157,7 +158,7 @@ static void catch_signals (unused int sig)
#endif
exit (0);
}
STRFCPY (pass, cp);
STRLCPY(pass, cp);
erase_pass (cp);
if (valid (pass, &pwent)) { /* check encrypted passwords ... */