chage: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
2023-06-08 20:33:13 +02:00
committed by Iker Pedrosa
parent 33abc8bcd9
commit 5579b40e35
+2 -1
View File
@@ -33,6 +33,7 @@
#include "pwio.h"
#include "shadowio.h"
#include "shadowlog.h"
#include "strlcpy.h"
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif
@@ -822,7 +823,7 @@ int main (int argc, char **argv)
fail_exit (E_NOPERM);
}
STRFCPY (user_name, pw->pw_name);
STRLCPY(user_name, pw->pw_name);
#ifdef WITH_TCB
if (shadowtcb_set_user (pw->pw_name) == SHADOWTCB_FAILURE) {
fail_exit (E_NOPERM);