passwd: Replace STRFCPY() by STRLCPY()

The variables are only being read as strings (char *), so data after the '\0' can't be leaked. Cc: Christian Göttsche <cgzones@googlemail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-11-27 20:15:11 +08:00 · 2023-07-29 18:11:02 +02:00 · 2023-07-29 18:11:02 +02:00 · 3029883888
commit 3029883888
parent 7bfcf1724c
1 changed files with 5 additions and 4 deletions
--- a/src/passwd.c
+++ b/src/passwd.c
@ -31,6 +31,7 @@
 #include "pwio.h"
 #include "shadowio.h"
 #include "shadowlog.h"
+#include "strlcpy.h"

 /*
 * exit status values
@ -239,7 +240,7 @@ static int new_password (const struct passwd *pw)
 			                pw->pw_name);
 			return -1;
 		}
-		STRFCPY (orig, clear);
+		STRLCPY(orig, clear);
 		erase_pass (clear);
 		strzero (cipher);
 	} else {
@ -301,7 +302,7 @@ static int new_password (const struct passwd *pw)
 		if (warned && (strcmp (pass, cp) != 0)) {
 			warned = false;
 		}
-		STRFCPY (pass, cp);
+		STRLCPY(pass, cp);
 		erase_pass (cp);

 		if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
@ -358,7 +359,7 @@ static int new_password (const struct passwd *pw)
 #ifdef HAVE_LIBCRACK_HIST
 	HistUpdate (pw->pw_name, crypt_passwd);
 #endif				/* HAVE_LIBCRACK_HIST */
-	STRFCPY (crypt_passwd, cp);
+	STRLCPY(crypt_passwd, cp);
 	return 0;
 }

@ -1029,7 +1030,7 @@ int main (int argc, char **argv)
 		 * If there are no other flags, just change the password.
 		 */
 		if (!anyflag) {
-			STRFCPY (crypt_passwd, cp);
+			STRLCPY(crypt_passwd, cp);

 			/*
 			 * See if the user is permitted to change the password.