kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>

diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
index 3c6e24b20f5be618164a1c7025fc2ed6bed8a4a5..5e4a131724f2880cfb053149b94609512598063a 100644 (file)
--- a/scripts/kconfig/lxdialog/inputbox.c
+++ b/scripts/kconfig/lxdialog/inputbox.c
@@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
 
        if (!init)
                instr[0] = '\0';
-       else
-               strcpy(instr, init);
+       else {
+               strncpy(instr, init, sizeof(dialog_input_result) - 1);
+               instr[sizeof(dialog_input_result) - 1] = '\0';
+       }
 
 do_resize:
        if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))