gpasswd: Replace STRFCPY() by STRLCPY()

The variable is only being read as a string (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 12fbc8072eb633a99b14ef5461fb9a26e81cec81..fbf50cbdbe29bec5aba4dd64bef693427b37c2f2 100644 (file)
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -32,8 +32,9 @@
 #endif
 /*@-exitarg@*/
 #include "exitcodes.h"
-
 #include "shadowlog.h"
+#include "strlcpy.h"
+
 /*
  * Global variables
  */
@@ -895,7 +896,7 @@ static void change_passwd (struct group *gr)
                        exit (1);
                }
 
-               STRFCPY (pass, cp);
+               STRLCPY(pass, cp);
                erase_pass (cp);
                cp = agetpass (_("Re-enter new password: "));
                if (NULL == cp) {