[PATCH 2/2] readline: Fix potential buffer overflow in command history

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Cursor up copies the last line into the buffer without checking if it
fits into the current buffer. Fix this using safe_strncpy.

Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
 lib/readline.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/readline.c b/lib/readline.c
index 4c9bb76..cac9670 100644
--- a/lib/readline.c
+++ b/lib/readline.c
@@ -1,6 +1,7 @@
 #include <common.h>
 #include <readkey.h>
 #include <init.h>
+#include <libbb.h>
 #include <xfuncs.h>
 #include <complete.h>
 #include <linux/ctype.h>
@@ -321,7 +322,7 @@ int readline(const char *prompt, char *buf, int len)
 			ERASE_TO_EOL();
 
 			/* copy new line into place and display */
-			strcpy(buf, hline);
+			safe_strncpy(buf, hline, len);
 			eol_num = strlen(buf);
 			REFRESH_TO_EOL();
 			continue;
-- 
2.6.2


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux