diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/kconfig/conf.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index fef75fc75..5545430b7 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c @@ -600,10 +600,22 @@ int main(int ac, char **av) if (!name) break; if ((strcmp(name, "") != 0) && (strcmp(name, "1") != 0)) { - if (conf_read_simple(name, S_DEF_USER)) { + /* + * "640kb ought to be enough for anybody" sic + * + * Limit the _name variable, as environment + * wise it is not limited and this way we + * ensure there can be no attacks through it. + * + * Coverity made me do it. + */ + char _name[256]; + + strncpy(_name, name, sizeof(_name)); + if (conf_read_simple(_name, S_DEF_USER)) { fprintf(stderr, _("*** Can't read seed configuration \"%s\"!\n"), - name); + _name); exit(1); } break; |