superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c 

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
pull/1315/head
Suchit Karunakaran 2025-07-27 22:14:33 +05:30 committed by Masahiro Yamada
parent 1918f98368
commit 5ac726653a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/kconfig/lxdialog/inputbox.c
View File

@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
if (!init)
instr[0] = '\0';
else
strcpy(instr, init);
else {
strncpy(instr, init, sizeof(dialog_input_result) - 1);
instr[sizeof(dialog_input_result) - 1] = '\0';
}
do_resize:
if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))