passwd: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/passwd.c b/src/passwd.c
index 673282cfbb95d19f09080b2f94d009d5389464fc..ab5e5307a6c237cfdb9df93e2be74bcaa0d1e97d 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -31,6 +31,7 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 /*
  * exit status values
@@ -239,7 +240,7 @@ static int new_password (const struct passwd *pw)
                                        pw->pw_name);
                        return -1;
                }
-               STRFCPY (orig, clear);
+               STRLCPY(orig, clear);
                erase_pass (clear);
                strzero (cipher);
        } else {
@@ -301,7 +302,7 @@ static int new_password (const struct passwd *pw)
                if (warned && (strcmp (pass, cp) != 0)) {
                        warned = false;
                }
-               STRFCPY (pass, cp);
+               STRLCPY(pass, cp);
                erase_pass (cp);
 
                if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
@@ -358,7 +359,7 @@ static int new_password (const struct passwd *pw)
 #ifdef HAVE_LIBCRACK_HIST
        HistUpdate (pw->pw_name, crypt_passwd);
 #endif                         /* HAVE_LIBCRACK_HIST */
-       STRFCPY (crypt_passwd, cp);
+       STRLCPY(crypt_passwd, cp);
        return 0;
 }
 
@@ -1029,7 +1030,7 @@ int main (int argc, char **argv)
                 * If there are no other flags, just change the password.
                 */
                if (!anyflag) {
-                       STRFCPY (crypt_passwd, cp);
+                       STRLCPY(crypt_passwd, cp);
 
                        /*
                         * See if the user is permitted to change the password.