lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aIZ7sDZdHAOg2cf_@fjasle.eu>
Date: Sun, 27 Jul 2025 21:19:12 +0200
From: Nicolas Schier <nicolas.schier@...ux.dev>
To: Suchit Karunakaran <suchitkarunakaran@...il.com>
Cc: masahiroy@...nel.org, linux-kbuild@...r.kernel.org,
	skhan@...uxfoundation.org, linux-kernel-mentees@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kconfig/lxdialog: replace strcpy() with strncpy() in
 inputbox.c

On Sun, Jul 27, 2025 at 10:14:33PM +0530 Suchit Karunakaran wrote:
> strcpy() performs no bounds checking and can lead to buffer overflows if
> the input string exceeds the destination buffer size. This patch replaces
> it with strncpy(), and null terminates the input string.
> 
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@...il.com>
> ---
>  scripts/kconfig/lxdialog/inputbox.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Reviewed-by: Nicolas Schier <nicolas.schier@...ux.dev>

thanks for your contribution!

If you want to continue contributing, you might want to check-out tools
like b4 which simplifies sending and tracking patch-sets.

Kind regards,
Nicolas

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ