From 9f23ba5a40b42acf4463b593bffd73caee8b527c Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sun, 15 Jul 2018 20:43:44 -0700
Subject: [PATCH] Replace strndupa with strcpy

glibc only. A static string is better.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 modules/pam_exec/pam_exec.c | 31 +++++++++++--------------------
 1 file changed, 11 insertions(+), 20 deletions(-)

diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 0ab6548..2fbab4f 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -102,7 +102,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
   int use_stdout = 0;
   int optargc;
   const char *logfile = NULL;
-  const char *authtok = NULL;
+  char authtok[PAM_MAX_RESP_SIZE];
   pid_t pid;
   int fds[2];
   int stdout_fds[2];
@@ -180,12 +180,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	      if (resp)
 		{
 		  pam_set_item (pamh, PAM_AUTHTOK, resp);
-		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+		  strcpy (authtok, resp);
 		  _pam_drop (resp);
 		}
 	    }
 	  else
-	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
+	    strcpy (authtok, void_pass);
 
 	  if (pipe(fds) != 0)
 	    {
@@ -225,23 +225,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 
       if (expose_authtok) /* send the password to the child */
 	{
-	  if (authtok != NULL)
-	    {            /* send the password to the child */
-	      if (debug)
-		pam_syslog (pamh, LOG_DEBUG, "send password to child");
-	      if (write(fds[1], authtok, strlen(authtok)+1) == -1)
-		pam_syslog (pamh, LOG_ERR,
-			    "sending password to child failed: %m");
-	      authtok = NULL;
-	    }
-	  else
-	    {
-	      if (write(fds[1], "", 1) == -1)   /* blank password */
-		pam_syslog (pamh, LOG_ERR,
-			    "sending password to child failed: %m");
-	    }
-        close(fds[0]);       /* close here to avoid possible SIGPIPE above */
-        close(fds[1]);
+	  if (debug)
+	    pam_syslog (pamh, LOG_DEBUG, "send password to child");
+	  if (write(fds[1], authtok, strlen(authtok)) == -1)
+	    pam_syslog (pamh, LOG_ERR,
+			      "sending password to child failed: %m");
+
+          close(fds[0]);       /* close here to avoid possible SIGPIPE above */
+          close(fds[1]);
 	}
 
       if (use_stdout)
-- 
2.19.1