lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250727-fortunate-jackrabbit-of-dew-4efe3a@lindesnes>
Date: Sun, 27 Jul 2025 18:19:16 +0200
From: Nicolas Schier <nicolas.schier@...ux.dev>
To: Suchit Karunakaran <suchitkarunakaran@...il.com>
Cc: masahiroy@...nel.org, linux-kbuild@...r.kernel.org,
	skhan@...uxfoundation.org, linux-kernel-mentees@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kconfig/lxdialog: replace strcpy() with strlcpy() in
 inputbox.c

On Sat, Jul 26, 2025 at 11:25:24PM +0530, Suchit Karunakaran wrote:
> strcpy() performs no bounds checking and can lead to buffer overflows if
> the input string exceeds the destination buffer size. This patch replaces
> it with strlcpy(), which ensures the input is always NULL-terminated,
> prevents overflows, following kernel coding guidelines.
> 
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@...il.com>
> 
> Changes since v1:
> - Replace strscpy with strlcpy
> 
> ---
>  scripts/kconfig/lxdialog/inputbox.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> index 3c6e24b20f5b..ca778e270346 100644
> --- a/scripts/kconfig/lxdialog/inputbox.c
> +++ b/scripts/kconfig/lxdialog/inputbox.c
> @@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
>  	if (!init)
>  		instr[0] = '\0';
>  	else
> -		strcpy(instr, init);
> +		strlcpy(instr, init, MAX_LEN + 1);

oh, I am sorry for the bad recommendation.  On my Debian bookworm arm64 
machine (w/o libbsd0), this does not compile as strlcpy() is not 
available (same as reported by kernel test robot [1]).  As libbsd0 it 
not a documented dependency, strlcpy() should then probably not be used 
either (and Documentation/process/deprecated.rst also argues against 
it).

So, keeping close to Masahiros mail [2] a few weeks ago, what about 
this?

	else {
		strncpy(instr, init, sizeof(dialog_input_result)-1);
		instr[sizeof(dialog_input_result)-1) = '\0';
	}

Kind regards,
Nicolas


[1]: https://lore.kernel.org/linux-kbuild/202507270411.j9vfofzH-lkp@intel.com/
[2]: https://lore.kernel.org/linux-kbuild/CAK7LNASH7HyQZtPjerws7K8Smn1OXeDAXODdB9VaULXiYOitQg@mail.gmail.com/

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ