[PATCH v2] kconfig/lxdialog: replace strcpy() with strlcpy() in inputbox.c

From: Suchit Karunakaran
Date: Sat Jul 26 2025 - 13:55:41 EST

Next message: Hendrik Hamerlinck: "Re: [PATCH v2] clk: spacemit: fix resource leak in spacemit_ccu_reset_register"
Previous message: pr-tracker-bot: "Re: [GIT PULL] soc: fixes for 6.16, part 3"
Next in thread: Nicolas Schier: "Re: [PATCH v2] kconfig/lxdialog: replace strcpy() with strlcpy() in inputbox.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. This patch replaces
it with strlcpy(), which ensures the input is always NULL-terminated,
prevents overflows, following kernel coding guidelines.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@xxxxxxxxx>

Changes since v1:
- Replace strscpy with strlcpy

---
scripts/kconfig/lxdialog/inputbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
index 3c6e24b20f5b..ca778e270346 100644
--- a/scripts/kconfig/lxdialog/inputbox.c
+++ b/scripts/kconfig/lxdialog/inputbox.c
@@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
if (!init)
instr[0] = '\0';
else
- strcpy(instr, init);
+ strlcpy(instr, init, MAX_LEN + 1);

do_resize:
if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))
--
2.50.1

Next message: Hendrik Hamerlinck: "Re: [PATCH v2] clk: spacemit: fix resource leak in spacemit_ccu_reset_register"
Previous message: pr-tracker-bot: "Re: [GIT PULL] soc: fixes for 6.16, part 3"
Next in thread: Nicolas Schier: "Re: [PATCH v2] kconfig/lxdialog: replace strcpy() with strlcpy() in inputbox.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]