chsh: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/chsh.c b/src/chsh.c
index e069b9fb3707229b8aec0014cc8e828eab37200c..29f8afc8cf2dfb8004c78ed0f399fa401bc11ddf 100644 (file)
--- a/src/chsh.c
+++ b/src/chsh.c
@@ -31,6 +31,7 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 #ifndef SHELLS_FILE
 #define SHELLS_FILE "/etc/shells"
@@ -257,7 +258,7 @@ static void process_flags (int argc, char **argv)
                        break;
                case 's':
                        sflg = true;
-                       STRFCPY (loginsh, optarg);
+                       STRLCPY(loginsh, optarg);
                        break;
                default:
                        usage (E_USAGE);
@@ -552,7 +553,7 @@ int main (int argc, char **argv)
         * file, or use the value from the command line.
         */
        if (!sflg) {
-               STRFCPY (loginsh, pw->pw_shell);
+               STRLCPY(loginsh, pw->pw_shell);
        }
 
        /*