From 7d5af6f0ba06d8f1c49912e42a863c09ed6710af Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Sun, 23 Oct 2016 16:52:28 +0200
Subject: [PATCH] getfacl: Don't trust length of incoming user/groupname
Fixes Coverity CIDs 60079 and 60080
Signed-off-by: Corinna Vinschen
---
 winsup/utils/getfacl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/winsup/utils/getfacl.c b/winsup/utils/getfacl.c
index 6fb04e667..57c58fb6a 100644
--- a/winsup/utils/getfacl.c
+++ b/winsup/utils/getfacl.c
@@ -40,7 +40,7 @@ username (uid_t uid)
 struct passwd *pw;
 if ((pw = getpwuid (uid)))
- strcpy (ubuf, pw->pw_name);
+ snprintf (ubuf, sizeof ubuf, "%s", pw->pw_name);
 else
 sprintf (ubuf, "%lu ", (unsigned long)uid);
 return ubuf;
@@ -53,7 +53,7 @@ groupname (gid_t gid)
 struct group *gr;
 if ((gr = getgrgid (gid)))
- strcpy (gbuf, gr->gr_name);
+ snprintf (gbuf, sizeof gbuf, "%s", gr->gr_name);
 else
 sprintf (gbuf, "%lu ", (unsigned long)gid);
 return gbuf;
--
2.43.5
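Review bot: The return value of the new `snprintf` calls in username() and groupname() is discarded, so a name longer than the buffer is now silently truncated and returned as if it were the real account name. getfacl output is often compared or handed on to other ACL tooling, where a shortened name may fail to resolve or be mistaken for a different principal. On truncation the code could fall through to the numeric branch, e.g. `if (!(pw = getpwuid (uid)) || (size_t) snprintf (ubuf, sizeof ubuf, "%s", pw->pw_name) >= sizeof ubuf)` followed by the existing `%lu` formatting, with the same change for `gbuf`. For consistency the `sprintf` in both `else` branches could also become `snprintf (ubuf, sizeof ubuf, ...)`, although its output is bounded by the width of an unsigned long. The declarations of `ubuf` and `gbuf` lie outside the hunks, so their sizes are not visible here.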