From 3e0913f11923edca6999d8682b18ad2b3579bfd1 Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Sat, 29 Jul 2023 17:28:23 +0200
Subject: [PATCH] sulogin: Replace STRFCPY() by STRLCPY()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The variable is only being read as a string (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
 src/sulogin.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/sulogin.c b/src/sulogin.c
index 7f2d86955..386493d16 100644
--- a/src/sulogin.c
+++ b/src/sulogin.c
@@ -24,6 +24,7 @@
 /*@-exitarg@*/
 #include "exitcodes.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 
 /*
  * Global variables
@@ -157,7 +158,7 @@ static void catch_signals (unused int sig)
 #endif
 			exit (0);
 		}
-		STRFCPY (pass, cp);
+		STRLCPY(pass, cp);
 		erase_pass (cp);
 
 		if (valid (pass, &pwent)) {	/* check encrypted passwords ... */
-- 
2.47.2