Commit 6d150a17 authored Jul 27, 2025 by Suchit Karunakaran Committed by Greg Kroah-Hartman Aug 28, 2025

kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c



[ Upstream commit 5ac726653a1029a2eccba93bbe59e01fc9725828 ]

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 1518eb08

scripts/kconfig/lxdialog/inputbox.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -39,8 +39,10 @@ int dialog_inputbox(const char title, const char prompt, int height, int width

		if (!init)
		instr[0] = '\0';
		else
		strcpy(instr, init);
		else {
		strncpy(instr, init, sizeof(dialog_input_result) - 1);
		instr[sizeof(dialog_input_result) - 1] = '\0';
		}

		do_resize:
		if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGTH_MIN))