scrips/kconfig: reduce impact of getenv() buffer overflow (96c4a4b3) · Commits · Wenxi XU / zephyr

getenv() returns an string of unknown size, so Coverity warns that it might be used to overflow the stack in the call chain off conf_read_simple(). To avoid that, wisdom says copy to an string of known size and pass that. Change-Id: I9e468de0ae66429062027f58fe0a0a4e1197218f Coverity-ID: 150819 Signed-off-by:

Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> (cherry picked from commit )

scripts/kconfig/conf.c

+14 −2

Original line number	Diff line number	Diff line
		@@ -600,10 +600,22 @@ int main(int ac, char **av)
		if (!name)
		break;
		if ((strcmp(name, "") != 0) && (strcmp(name, "1") != 0)) {
		if (conf_read_simple(name, S_DEF_USER)) {
		/*
		* "640kb ought to be enough for anybody" sic
		*
		* Limit the _name variable, as environment
		* wise it is not limited and this way we
		* ensure there can be no attacks through it.
		*
		* Coverity made me do it.
		*/
		char _name[256];

		strncpy(_name, name, sizeof(_name));
		if (conf_read_simple(_name, S_DEF_USER)) {
		fprintf(stderr,
		_("*** Can't read seed configuration \"%s\"!\n"),
		name);
		_name);
		exit(1);
		}
		break;

Admin message