Swap strcpy for strncpy

strncpy has range checks, which reduce the possibility of overrunning
the buffer in the case of a bug.

Tested: clang-tidy cert check now passes. Needs functional testing.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I2fab19ca40f97cc0574146883ee19b573285a59c
diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp
index 59c8cd6..f2c7356 100644
--- a/include/pam_authenticate.hpp
+++ b/include/pam_authenticate.hpp
@@ -23,7 +23,7 @@
return PAM_AUTH_ERR;
}
- std::strcpy(pass, appPass);
+ std::strncpy(pass, appPass, appPassSize + 1);
*resp = reinterpret_cast<pam_response*>(
calloc(static_cast<size_t>(numMsg), sizeof(struct pam_response)));
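
Review bot: On the added line `std::strncpy(pass, appPass, appPassSize + 1);` the bound is named after the source string (appPassSize) rather than the size of the buffer behind pass, so if it is the length of appPass the call copies exactly the bytes strcpy would have and adds no overrun protection. The allocation of pass is not visible in this hunk; please confirm it is at least appPassSize + 1 bytes and use that allocated size as the limit. strncpy also writes no terminating NUL when the source has as many characters as the limit or more, so if the limit can ever be smaller than the string, terminate pass explicitly after the copy, or use memcpy of the known length followed by an explicit terminator. Since the message notes functional testing is still pending, a login with a maximum-length password would be a useful case to include.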