kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>

authored by

Suchit Karunakaran and committed by

Masahiro Yamada 8 months ago 5ac72665 1918f983

+4 -2

1 changed file

expand all

scripts

kconfig

lxdialog

inputbox.c

+4 -2

scripts/kconfig/lxdialog/inputbox.c

··· 39 39 40 40 if (!init) 41 41 instr[0] = '\0'; 42 - else 43 - strcpy(instr, init); 42 + else { 43 + strncpy(instr, init, sizeof(dialog_input_result) - 1); 44 + instr[sizeof(dialog_input_result) - 1] = '\0'; 45 + } 44 46 45 47 do_resize: 46 48 if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))