strcpy() performs no bounds checking and can lead to buffer overflows if
the input string exceeds the destination buffer size. Replace it with
strscpy(), which ensures the input is always NULL-terminated and
prevents overflows.

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
---
 scripts/kconfig/lxdialog/inputbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
index 3c6e24b20f5b..8880ccaffa0b 100644
--- a/scripts/kconfig/lxdialog/inputbox.c
+++ b/scripts/kconfig/lxdialog/inputbox.c
@@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
 	if (!init)
 		instr[0] = '\0';
 	else
-		strcpy(instr, init);
+		strscpy(instr, init, MAX_LEN + 1);
 
 do_resize:
 	if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))
-- 
2.39.5

On Fri, Jul 25, 2025 at 11:29:28AM +0530, Suchit Karunakaran wrote:
> strcpy() performs no bounds checking and can lead to buffer overflows if
> the input string exceeds the destination buffer size. Replace it with
> strscpy(), which ensures the input is always NULL-terminated and
> prevents overflows.
> 
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
> ---
>  scripts/kconfig/lxdialog/inputbox.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> index 3c6e24b20f5b..8880ccaffa0b 100644
> --- a/scripts/kconfig/lxdialog/inputbox.c
> +++ b/scripts/kconfig/lxdialog/inputbox.c
> @@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
>  	if (!init)
>  		instr[0] = '\0';
>  	else
> -		strcpy(instr, init);
> +		strscpy(instr, init, MAX_LEN + 1);

Did you compile-test this?  strscpy() is not available for user-space.

Kind regards,
Nicolas

>
> Did you compile-test this?  strscpy() is not available for user-space.
>

Hi,
Apologies. I didn't compile the change earlier since it was just a
replacement of strcpy with strscpy, and I completely forgot that I was
working with userspace tools. After seeing your comment, I tried
compiling it and I encountered an error. Would it be more appropriate
to use memcpy or strlcpy instead in this case? I'd really appreciate
your guidance on the correct approach here. Thank you!

On Fri, Jul 25, 2025 at 08:06:35PM +0530 Suchit K wrote:
> > Did you compile-test this?  strscpy() is not available for user-space.
> >
> 
> Hi,
> Apologies. I didn't compile the change earlier since it was just a
> replacement of strcpy with strscpy, and I completely forgot that I was
> working with userspace tools. After seeing your comment, I tried
> compiling it and I encountered an error. Would it be more appropriate
> to use memcpy or strlcpy instead in this case? I'd really appreciate
> your guidance on the correct approach here. Thank you!

For the concrete code I'd use strlcpy, for some other uses of strcpy in
scripts/kconfig/ I'd probably choose differently.

As Franko already wrote: it would be nice if you could also send patches
for the other strcpy calls below scripts/kconfig/.

But please always compile and test your changes.

Thanks and kind regards
Nicolas


-- 
epost|xmpp: nicolas@fjasle.eu          irc://oftc.net/nsc
↳ gpg: 18ed 52db e34f 860e e9fb  c82b 7d97 0932 55a0 ce7f
     -- frykten for herren er opphav til kunnskap --

>
> For the concrete code I'd use strlcpy, for some other uses of strcpy in
> scripts/kconfig/ I'd probably choose differently.
>

Sure, I'll make the necessary changes.

> As Franko already wrote: it would be nice if you could also send patches
> for the other strcpy calls below scripts/kconfig/.
>
> But please always compile and test your changes.
>

Yes, I’ll send patches for the other strcpy usages as well. Apologies
for not compiling it earlier, I’m still new to kernel development and
appreciate your patience. Thanks!

On 25/07/25 at 07:59, Suchit Karunakaran wrote:
> strcpy() performs no bounds checking and can lead to buffer overflows if
> the input string exceeds the destination buffer size. Replace it with
> strscpy(), which ensures the input is always NULL-terminated and
> prevents overflows.
> 
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
> ---
>   scripts/kconfig/lxdialog/inputbox.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> index 3c6e24b20f5b..8880ccaffa0b 100644
> --- a/scripts/kconfig/lxdialog/inputbox.c
> +++ b/scripts/kconfig/lxdialog/inputbox.c
> @@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
>   	if (!init)
>   		instr[0] = '\0';
>   	else
> -		strcpy(instr, init);
> +		strscpy(instr, init, MAX_LEN + 1);
>   
>   do_resize:
>   	if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))

perhaps it's better to sanitize the whole code in
script/kconfig not only in lxdialog/inputbox.c

$ grep -Rn strcpy scripts/kconfig/*
scripts/kconfig/confdata.c:143: strcpy(depfile_path + 
depfile_prefix_len, name);
scripts/kconfig/lxdialog/util.c:348:    strcpy(tempstr, prompt);
scripts/kconfig/lxdialog/inputbox.c:43:         strcpy(instr, init);
scripts/kconfig/symbol.c:764:   strcpy(val, newval);
scripts/kconfig/util.c:55:      strcpy(gs.s, "\0");

because the script "checkpatch.pl" emits a warning
whether strcpy() function is used:

WARNING: Prefer strscpy over strcpy - see: 
https://github.com/KSPP/linux/issues/88

Kind regards,
-- 
Franco Martelli

On Fri, 25 Jul 2025 at 15:23, Franco Martelli <martellif67@gmail.com> wrote:
>
> On 25/07/25 at 07:59, Suchit Karunakaran wrote:
> > strcpy() performs no bounds checking and can lead to buffer overflows if
> > the input string exceeds the destination buffer size. Replace it with
> > strscpy(), which ensures the input is always NULL-terminated and
> > prevents overflows.
> >
> > Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
> > ---
> >   scripts/kconfig/lxdialog/inputbox.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
> > index 3c6e24b20f5b..8880ccaffa0b 100644
> > --- a/scripts/kconfig/lxdialog/inputbox.c
> > +++ b/scripts/kconfig/lxdialog/inputbox.c
> > @@ -40,7 +40,7 @@ int dialog_inputbox(const char *title, const char *prompt, int height, int width
> >       if (!init)
> >               instr[0] = '\0';
> >       else
> > -             strcpy(instr, init);
> > +             strscpy(instr, init, MAX_LEN + 1);
> >
> >   do_resize:
> >       if (getmaxy(stdscr) <= (height - INPUTBOX_HEIGHT_MIN))
>
> perhaps it's better to sanitize the whole code in
> script/kconfig not only in lxdialog/inputbox.c
>
> $ grep -Rn strcpy scripts/kconfig/*
> scripts/kconfig/confdata.c:143: strcpy(depfile_path +
> depfile_prefix_len, name);
> scripts/kconfig/lxdialog/util.c:348:    strcpy(tempstr, prompt);
> scripts/kconfig/lxdialog/inputbox.c:43:         strcpy(instr, init);
> scripts/kconfig/symbol.c:764:   strcpy(val, newval);
> scripts/kconfig/util.c:55:      strcpy(gs.s, "\0");
>
> because the script "checkpatch.pl" emits a warning
> whether strcpy() function is used:
>
> WARNING: Prefer strscpy over strcpy - see:
> https://github.com/KSPP/linux/issues/88
>

Hi Franco, I wanted to get feedback on this first before proceeding
further. If the code change looks good to you, I’ll go ahead and
submit patches for the other places as well. Thanks!