Re: [PATCH v3] kconfig/lxdialog: replace strcpy() with strncpy() in inputbox.c
From: Suchit K
Date: Mon Jul 28 2025 - 00:48:57 EST
On Mon, 28 Jul 2025 at 09:59, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, Jul 27, 2025 at 10:14:33PM +0530, Suchit Karunakaran wrote:
> > strcpy() performs no bounds checking and can lead to buffer overflows if
> > the input string exceeds the destination buffer size. This patch replaces
> > it with strncpy(), and null terminates the input string.
> >
> > Signed-off-by: Suchit Karunakaran <suchitkarunakaran@xxxxxxxxx>
> > ---
> > scripts/kconfig/lxdialog/inputbox.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> > index 3c6e24b20f5b..5e4a131724f2 100644
> > --- a/scripts/kconfig/lxdialog/inputbox.c
> > +++ b/scripts/kconfig/lxdialog/inputbox.c
> > @@ -39,8 +39,10 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
> >
> > if (!init)
> > instr[0] = '\0';
> > - else
> > - strcpy(instr, init);
> > + else {
> > + strncpy(instr, init, sizeof(dialog_input_result) - 1);
> > + instr[sizeof(dialog_input_result) - 1] = '\0';
>
> As this is a userspace tool, why is this change needed at all? How can
> this overflow and if it does, what happens?
>
Hi Greg. The primary motivation for this patch was the deprecation of
strcpy(). Additionally, I believed there was a possibility of a buffer
overflow if the initial string accidentally exceeded the length of
instr, although the chances might be low.