From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1aGMvy-0000cF-Lx for barebox@lists.infradead.org; Tue, 05 Jan 2016 08:25:39 +0000 From: Sascha Hauer Date: Tue, 5 Jan 2016 09:25:10 +0100 Message-Id: <1451982310-21615-2-git-send-email-s.hauer@pengutronix.de> In-Reply-To: <1451982310-21615-1-git-send-email-s.hauer@pengutronix.de> References: <1451982310-21615-1-git-send-email-s.hauer@pengutronix.de> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "barebox" Errors-To: barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org Subject: [PATCH 2/2] readline: Fix potential buffer overflow in command history To: Barebox List Cursor up copies the last line into the buffer without checking if it fits into the current buffer. Fix this using safe_strncpy. Signed-off-by: Sascha Hauer --- lib/readline.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/readline.c b/lib/readline.c index 4c9bb76..cac9670 100644 --- a/lib/readline.c +++ b/lib/readline.c @@ -1,6 +1,7 @@ #include #include #include +#include #include #include #include @@ -321,7 +322,7 @@ int readline(const char *prompt, char *buf, int len) ERASE_TO_EOL(); /* copy new line into place and display */ - strcpy(buf, hline); + safe_strncpy(buf, hline, len); eol_num = strlen(buf); REFRESH_TO_EOL(); continue; -- 2.6.2 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox