From 5579b40e357a69df434b7549680d2e13ffab16e0 Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Thu, 8 Jun 2023 20:33:13 +0200
Subject: [PATCH] chage: Replace STRFCPY() by STRLCPY()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
 src/chage.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/chage.c b/src/chage.c
index b8a11e8c4..6896cb15a 100644
--- a/src/chage.c
+++ b/src/chage.c
@@ -33,6 +33,7 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "strlcpy.h"
 #ifdef WITH_TCB
 #include "tcbfuncs.h"
 #endif
@@ -822,7 +823,7 @@ int main (int argc, char **argv)
 		fail_exit (E_NOPERM);
 	}
 
-	STRFCPY (user_name, pw->pw_name);
+	STRLCPY(user_name, pw->pw_name);
 #ifdef WITH_TCB
 	if (shadowtcb_set_user (pw->pw_name) == SHADOWTCB_FAILURE) {
 		fail_exit (E_NOPERM);
-- 
2.47.2