From: Alejandro Colomar <alx@kernel.org>
Date: Sat, 29 Jul 2023 16:11:02 +0000 (+0200)
Subject: passwd: Replace STRFCPY() by STRLCPY()
X-Git-Tag: 4.15.0-rc1~191
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3029883888266d7121bb267c6cf4ad79b6f2c144;p=thirdparty%2Fshadow.git

passwd: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/src/passwd.c b/src/passwd.c
index 673282cfb..ab5e5307a 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -31,6 +31,7 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 /*
  * exit status values
@@ -239,7 +240,7 @@ static int new_password (const struct passwd *pw)
 			                pw->pw_name);
 			return -1;
 		}
-		STRFCPY (orig, clear);
+		STRLCPY(orig, clear);
 		erase_pass (clear);
 		strzero (cipher);
 	} else {
@@ -301,7 +302,7 @@ static int new_password (const struct passwd *pw)
 		if (warned && (strcmp (pass, cp) != 0)) {
 			warned = false;
 		}
-		STRFCPY (pass, cp);
+		STRLCPY(pass, cp);
 		erase_pass (cp);
 
 		if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
@@ -358,7 +359,7 @@ static int new_password (const struct passwd *pw)
 #ifdef HAVE_LIBCRACK_HIST
 	HistUpdate (pw->pw_name, crypt_passwd);
 #endif				/* HAVE_LIBCRACK_HIST */
-	STRFCPY (crypt_passwd, cp);
+	STRLCPY(crypt_passwd, cp);
 	return 0;
 }
 
@@ -1029,7 +1030,7 @@ int main (int argc, char **argv)
 		 * If there are no other flags, just change the password.
 		 */
 		if (!anyflag) {
-			STRFCPY (crypt_passwd, cp);
+			STRLCPY(crypt_passwd, cp);
 
 			/*
 			 * See if the user is permitted to change the password.