kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c

[ Upstream commit 5ac726653a1029a2eccba93bbe59e01fc9725828 ]

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strncpy(), and null terminates the input string.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
Reviewed-by: Nicolas Schier <nicolas.schier@linux.dev>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
index 1dcfb288ee63630e7e73be6fe28f1fd1a3bc5857..327b60cdb8dacead60bbe2f648b44f7d2792d1d5 100644 (file)
--- a/scripts/kconfig/lxdialog/inputbox.c
+++ b/scripts/kconfig/lxdialog/inputbox.c
@@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
 
        if (!init)
                instr[0] = '\0';
-       else
-               strcpy(instr, init);
+       else {
+               strncpy(instr, init, sizeof(dialog_input_result) - 1);
+               instr[sizeof(dialog_input_result) - 1] = '\0';
+       }
 
 do_resize:
        if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGTH_MIN))