su: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/su.c b/src/su.c
index 28445a3003da76561b0e154ec37bebaab8b28d25..e3ede542409d48f16364f92255c66ed7a07644ec 100644 (file)
--- a/src/su.c
+++ b/src/su.c
@@ -57,6 +57,7 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 /*
  * Global variables
@@ -777,7 +778,7 @@ static void save_caller_context (char **argv)
                         (unsigned long) caller_uid));
                su_failure (caller_tty, true); /* unknown target UID*/
        }
-       STRFCPY (caller_name, pw->pw_name);
+       STRLCPY(caller_name, pw->pw_name);
 
 #ifndef USE_PAM
 #ifdef SU_ACCESS
@@ -852,7 +853,7 @@ static void process_flags (int argc, char **argv)
        }
 
        if (optind < argc) {
-               STRFCPY (name, argv[optind++]); /* use this login id */
+               STRLCPY(name, argv[optind++]);  /* use this login id */
        }
        if ('\0' == name[0]) {          /* use default user */
                struct passwd *root_pw = getpwnam ("root");