kconfig: lxdialog: replace strcpy with snprintf in print_autowrap

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

strcpy() does not perform bounds checking and can lead to buffer overflows
if the source string exceeds the destination buffer size. In
print_autowrap(), replace strcpy() with snprintf() to safely copy the
prompt string into the fixed-size tempstr buffer.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>

authored by

Suchit Karunakaran and committed by

Masahiro Yamada 8 months ago 1918f983 eb549e19

+1 -2

1 changed file

expand all

scripts

kconfig

lxdialog

util.c

+1 -2

scripts/kconfig/lxdialog/util.c

··· 345 345 int prompt_len, room, wlen; 346 346 char tempstr[MAX_LEN + 1], *word, *sp, *sp2, *newline_separator = 0; 347 347 348 - strcpy(tempstr, prompt); 349 - 348 + snprintf(tempstr, sizeof(tempstr), "%s", prompt); 350 349 prompt_len = strlen(tempstr); 351 350 352 351 if (prompt_len <= width - x * 2) { /* If prompt is short */