scrips/kconfig: reduce impact of getenv() buffer overflow

getenv() returns an string of unknown size, so Coverity warns that it might be used to overflow the stack in the call chain off conf_read_simple(). To avoid that, wisdom says copy to an string of known size and pass that. Change-Id: I9e468de0ae66429062027f58fe0a0a4e1197218f Coverity-ID: 150819 Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> (cherry picked from commit 0307d6ea5fa361abe5c9fb1872f9dc8256208ee0)
author: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> 2016-12-01 15:28:15 -0800
committer: Anas Nashif <nashif@linux.intel.com> 2016-12-02 04:16:53 +0000
commit: 96c4a4b3a39f403ce05293c4847da0d3f7aa159b (patch)
tree: 9d71014108be65d837545f9bb7a9dc2b80b87ae0 /scripts
parent: 1dc41f515f81c98aa3dd57c61f3e515580fa3677 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
index fef75fc75..5545430b7 100644
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -600,10 +600,22 @@ int main(int ac, char **av)
 		if (!name)
 			break;
 		if ((strcmp(name, "") != 0) && (strcmp(name, "1") != 0)) {
-			if (conf_read_simple(name, S_DEF_USER)) {
+			/*
+			 * "640kb ought to be enough for anybody" sic
+			 *
+			 * Limit the _name variable, as environment
+			 * wise it is not limited and this way we
+			 * ensure there can be no attacks through it.
+			 *
+			 * Coverity made me do it.
+			 */
+			char _name[256];
+
+			strncpy(_name, name, sizeof(_name));
+			if (conf_read_simple(_name, S_DEF_USER)) {
 				fprintf(stderr,
 					_("*** Can't read seed configuration \"%s\"!\n"),
-					name);
+					_name);
 				exit(1);
 			}
 			break;
author	Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>	2016-12-01 15:28:15 -0800
committer	Anas Nashif <nashif@linux.intel.com>	2016-12-02 04:16:53 +0000
commit	96c4a4b3a39f403ce05293c4847da0d3f7aa159b (patch)
tree	9d71014108be65d837545f9bb7a9dc2b80b87ae0 /scripts
parent	1dc41f515f81c98aa3dd57c61f3e515580fa3677 (diff)