breeze/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-01-12 00:42:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c

Browse Source 
strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
This commit is contained in:
Suchit Karunakaran
2025-07-27 22:14:33 +05:30
committed by Masahiro Yamada
parent 1918f98368
commit 5ac726653a
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/kconfig/lxdialog/inputbox.c
View File

@@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
if (!init)
instr[0] = '\0';
else
strcpy(instr, init);
else {
strncpy(instr, init, sizeof(dialog_input_result) - 1);
instr[sizeof(dialog_input_result) - 1] = '\0';
}
do_resize:
if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))