[PATCH 2/2] readline: Fix potential buffer overflow in command history
Sascha Hauer
s.hauer at pengutronix.de
Tue Jan 5 00:25:10 PST 2016
Cursor up copies the last line into the buffer without checking if it
fits into the current buffer. Fix this using safe_strncpy.
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
lib/readline.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/readline.c b/lib/readline.c
index 4c9bb76..cac9670 100644
--- a/lib/readline.c
+++ b/lib/readline.c
@@ -1,6 +1,7 @@
#include <common.h>
#include <readkey.h>
#include <init.h>
+#include <libbb.h>
#include <xfuncs.h>
#include <complete.h>
#include <linux/ctype.h>
@@ -321,7 +322,7 @@ int readline(const char *prompt, char *buf, int len)
ERASE_TO_EOL();
/* copy new line into place and display */
- strcpy(buf, hline);
+ safe_strncpy(buf, hline, len);
eol_num = strlen(buf);
REFRESH_TO_EOL();
continue;
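Review bot: at the `safe_strncpy(buf, hline, len)` call, a history line longer than the caller's buffer is now silently truncated, and the `eol_num = strlen(buf)` that follows is only bounded if safe_strncpy always NUL-terminates within `len` bytes. Please state that guarantee and the truncation behaviour in the commit message or in the comment above the copy. Also note that `len` is a signed `int` in the readline() signature shown in the hunk header, so a `len <= 0` check before it is used as a size would keep a negative value from turning into a very large bound.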
--
2.6.2