]> git.ipfire.org Git - thirdparty/shadow.git/commitdiff
projects / thirdparty / shadow.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 33abc8b)
chage: Replace STRFCPY() by STRLCPY()
authorAlejandro Colomar <alx@kernel.org>
Thu, 8 Jun 2023 18:33:13 +0000 (20:33 +0200)
committerIker Pedrosa <ikerpedrosam@gmail.com>
Fri, 1 Sep 2023 07:39:23 +0000 (09:39 +0200)
The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
src/chage.c patch | blob | blame | history

diff --git a/src/chage.c b/src/chage.c
index b8a11e8c4a61a6bbb7683c0f87220aa57cdaf771..6896cb15a3e5e54dcec457653a7d53826757dd7a 100644 (file)
--- a/src/chage.c
+++ b/src/chage.c
@@ -33,6 +33,7 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 #ifdef WITH_TCB
 #include "tcbfuncs.h"
 #endif
@@ -822,7 +823,7 @@ int main (int argc, char **argv)
                fail_exit (E_NOPERM);
        }
 
-       STRFCPY (user_name, pw->pw_name);
+       STRLCPY(user_name, pw->pw_name);
 #ifdef WITH_TCB
        if (shadowtcb_set_user (pw->pw_name) == SHADOWTCB_FAILURE) {
                fail_exit (E_NOPERM);
Mirror of https://github.com/shadow-maint/shadow.git