diff options
author | Karel Zak | 2015-05-25 15:24:13 +0200 |
---|---|---|
committer | Karel Zak | 2015-05-25 15:24:13 +0200 |
commit | d681e0956cdca1a016346424939fe1b9c6a0a549 (patch) | |
tree | 99a5f884b633c1ca711236edb6e793b403e7cb38 /login-utils/sulogin.c | |
parent | build-sys: add --without-* for all libs (diff) | |
download | kernel-qcow2-util-linux-d681e0956cdca1a016346424939fe1b9c6a0a549.tar.gz kernel-qcow2-util-linux-d681e0956cdca1a016346424939fe1b9c6a0a549.tar.xz kernel-qcow2-util-linux-d681e0956cdca1a016346424939fe1b9c6a0a549.zip |
sulogin: don't use strcpy(), enlarge pwd line buffer
* according to "man getpwnam" 16384 bytes is enough to store one
passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)
* don't use strcpy() to set empty password
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/sulogin.c')
-rw-r--r-- | login-utils/sulogin.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c index 51bc58239..f376bfc45 100644 --- a/login-utils/sulogin.c +++ b/login-utils/sulogin.c @@ -435,8 +435,8 @@ static struct passwd *getrootpwent(int try_manually) struct passwd *pw; struct spwd *spw; FILE *fp; - static char line[256]; - static char sline[256]; + static char line[2 * BUFSIZ]; + static char sline[2 * BUFSIZ]; char *p; /* @@ -472,7 +472,7 @@ static struct passwd *getrootpwent(int try_manually) /* * Find root in the password file. */ - while ((p = fgets(line, 256, fp)) != NULL) { + while ((p = fgets(line, sizeof(line), fp)) != NULL) { if (strncmp(line, "root:", 5) != 0) continue; p += 5; @@ -501,12 +501,12 @@ static struct passwd *getrootpwent(int try_manually) /* * The password is invalid. If there is a shadow password, try it. */ - strcpy(pwd.pw_passwd, ""); + *pwd.pw_passwd = '\0'; if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) { warn(_("cannot open %s"), _PATH_PASSWD); return &pwd; } - while ((p = fgets(sline, 256, fp)) != NULL) { + while ((p = fgets(sline, sizeof(sline), fp)) != NULL) { if (strncmp(sline, "root:", 5) != 0) continue; p += 5; @@ -520,11 +520,11 @@ static struct passwd *getrootpwent(int try_manually) */ if (p == NULL) { warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD); - strcpy(pwd.pw_passwd, ""); + *pwd.pw_passwd = '\0'; } if (!valid(pwd.pw_passwd)) { warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD); - strcpy(pwd.pw_passwd, ""); + *pwd.pw_passwd = '\0'; } return &pwd; } |