| From 81f085d9e1054b13e2e31525b35ef371b850af57 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sun, 27 Jul 2025 22:14:33 +0530 |
| Subject: kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c |
| |
| From: Suchit Karunakaran <suchitkarunakaran@gmail.com> |
| |
| [ Upstream commit 5ac726653a1029a2eccba93bbe59e01fc9725828 ] |
| |
| strcpy() performs no bounds checking and can lead to buffer overflows if |
| the input string exceeds the destination buffer size. This patch replaces |
| it with strncpy(), and null terminates the input string. |
| |
| Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com> |
| Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev> |
| Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| scripts/kconfig/lxdialog/inputbox.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c |
| index 1dcfb288ee63..327b60cdb8da 100644 |
| --- a/scripts/kconfig/lxdialog/inputbox.c |
| +++ b/scripts/kconfig/lxdialog/inputbox.c |
| @@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width |
| |
| if (!init) |
| instr[0] = '\0'; |
| - else |
| - strcpy(instr, init); |
| + else { |
| + strncpy(instr, init, sizeof(dialog_input_result) - 1); |
| + instr[sizeof(dialog_input_result) - 1] = '\0'; |
| + } |
| |
| do_resize: |
| if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGTH_MIN)) |
| -- |
| 2.39.5 |
| |
