| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025072842-require-smokeless-f98f@gregkh>
Date: Mon, 28 Jul 2025 06:29:12 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Suchit Karunakaran <suchitkarunakaran@...il.com>
Cc: masahiroy@...nel.org, nicolas.schier@...ux.dev,
linux-kbuild@...r.kernel.org, skhan@...uxfoundation.org,
linux-kernel-mentees@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] kconfig/lxdialog: replace strcpy() with strncpy() in
inputbox.c
On Sun, Jul 27, 2025 at 10:14:33PM +0530, Suchit Karunakaran wrote:
> strcpy() performs no bounds checking and can lead to buffer overflows if
> the input string exceeds the destination buffer size. This patch replaces
> it with strncpy(), and null terminates the input string.
>
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@...il.com>
> ---
> scripts/kconfig/lxdialog/inputbox.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> index 3c6e24b20f5b..5e4a131724f2 100644
> --- a/scripts/kconfig/lxdialog/inputbox.c
> +++ b/scripts/kconfig/lxdialog/inputbox.c
> @@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
>
> if (!init)
> instr[0] = '\0';
> - else
> - strcpy(instr, init);
> + else {
> + strncpy(instr, init, sizeof(dialog_input_result) - 1);
> + instr[sizeof(dialog_input_result) - 1] = '\0';
As this is a userspace tool, why is this change needed at all? How can
this overflow and if it does, what happens?
thanks,
greg k-h
Powered by blists - more mailing lists