gpasswd: Replace STRFCPY() by STRLCPY()

The variable is only being read as a string (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
2023-07-29 18:04:30 +02:00
committed by Iker Pedrosa
parent fcc25a03cd
commit 7bfcf1724c
+3 -2
View File
@@ -32,8 +32,9 @@
#endif
/*@-exitarg@*/
#include "exitcodes.h"
#include "shadowlog.h"
#include "strlcpy.h"
/*
* Global variables
*/
@@ -895,7 +896,7 @@ static void change_passwd (struct group *gr)
exit (1);
}
STRFCPY (pass, cp);
STRLCPY(pass, cp);
erase_pass (cp);
cp = agetpass (_("Re-enter new password: "));
if (NULL == cp) {