author | Sascha Hauer <s.hauer@pengutronix.de> | 2015-12-14 14:43:15 +0100 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2016-01-08 08:30:56 +0100 |
commit | 1cc4ba2aa100200e5cdae59fa397e09d22818da5 (patch) | |
tree | 1ab7706886bc317f64c409fcb12e7bf2398e1fb2 /lib/readline.c | |
parent | e3ae12a4185e1dc61f62bec90db12b1fc3dc906c (diff) | |
readline: Fix potential buffer overflow in command history
Cursor up copies the last line into the buffer without checking if it
fits into the current buffer. Fix this using safe_strncpy.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'lib/readline.c')
-rw-r--r-- | lib/readline.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/readline.c b/lib/readline.c
index 4c9bb760d3..cac967005f 100644
--- a/lib/readline.c
+++ b/lib/readline.c
@@ -1,6 +1,7 @@
 #include <common.h>
 #include <readkey.h>
 #include <init.h>
+#include <libbb.h>
 #include <xfuncs.h>
 #include <complete.h>
 #include <linux/ctype.h>
@@ -321,7 +322,7 @@ int readline(const char *prompt, char *buf, int len)
 ERASE_TO_EOL();
 /* copy new line into place and display */
- strcpy(buf, hline);
+ safe_strncpy(buf, hline, len);
 eol_num = strlen(buf);
 REFRESH_TO_EOL();
 continue; |
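Review bot: The bounded copy in the second hunk truncates a history entry silently and passes the signed `len` straight into the size argument, so the call needs a comment and `len` needs a sanity check. Assuming safe_strncpy follows the usual libbb contract (at most `len - 1` bytes copied, always terminated, nothing written when the size is 0), a recalled command longer than the caller's buffer becomes a shorter, different command, and a zero or negative `len` would either leave `buf` untouched or convert to a very large size. I would put `/* history entry may exceed buf: truncated to len - 1 bytes, always NUL-terminated */` above the call and have readline() reject `len <= 0` at its entry, which is outside this hunk. Other writes into `buf` in readline() are not visible here and should be checked against the same bound.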