From 6dacb154e51c3f79d42652003ce5b6e160ef4195 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Sat, 29 Jul 2023 17:35:40 +0200 Subject: [PATCH] su: Replace STRFCPY() by STRLCPY() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The variables are only being read as strings (char *), so data after the '\0' can't be leaked. Cc: Christian Göttsche Cc: Serge Hallyn Cc: Iker Pedrosa Signed-off-by: Alejandro Colomar --- src/su.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/su.c b/src/su.c index 28445a30..e3ede542 100644 --- a/src/su.c +++ b/src/su.c @@ -57,6 +57,7 @@ /*@-exitarg@*/ #include "exitcodes.h" #include "shadowlog.h" +#include "strlcpy.h" /* * Global variables @@ -777,7 +778,7 @@ static void save_caller_context (char **argv) (unsigned long) caller_uid)); su_failure (caller_tty, true); /* unknown target UID*/ } - STRFCPY (caller_name, pw->pw_name); + STRLCPY(caller_name, pw->pw_name); #ifndef USE_PAM #ifdef SU_ACCESS @@ -852,7 +853,7 @@ static void process_flags (int argc, char **argv) } if (optind < argc) { - STRFCPY (name, argv[optind++]); /* use this login id */ + STRLCPY(name, argv[optind++]); /* use this login id */ } if ('\0' == name[0]) { /* use default user */ struct passwd *root_pw = getpwnam ("root");