From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 16 Mar 2003 03:03:32 +0000 (+0000)
Subject: Kill remaining strcpy(), the programmer's guide says username is 32 bytes.
X-Git-Tag: SUDO_1_6_7~24
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ecee62038920b2b78b3b00d7a35f63b1893bc82f;p=sudo

Kill remaining strcpy(), the programmer's guide says username is 32 bytes.
---

diff --git a/auth/securid.c b/auth/securid.c
index fef170057..74c58f014 100644
--- a/auth/securid.c
+++ b/auth/securid.c
@@ -99,7 +99,8 @@ securid_setup(pw, promptp, auth)
 
     /* Re-initialize SecurID every time. */
     if (sd_init(sd) == 0) {
-	strcpy(sd->username, pw->pw_name);
+	/* The programmer's guide says username is 32 bytes */
+	strlcpy(sd->username, pw->pw_name, 32);
 	return(AUTH_SUCCESS);
     } else {
 	(void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]);