sulogin: Replace STRFCPY() by STRLCPY()

The variable is only being read as a string (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/sulogin.c b/src/sulogin.c
index 7f2d869557fa29208d51fccd61753f76d6514006..386493d161242eb664a2fc1d0ebe30885bf2f484 100644 (file)
--- a/src/sulogin.c
+++ b/src/sulogin.c
@@ -24,6 +24,7 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 /*
  * Global variables
@@ -157,7 +158,7 @@ static void catch_signals (unused int sig)
 #endif
                        exit (0);
                }
-               STRFCPY (pass, cp);
+               STRLCPY(pass, cp);
                erase_pass (cp);
 
                if (valid (pass, &pwent)) {     /* check encrypted passwords ... */