scrips/kconfig: reduce impact of getenv() buffer overflow

getenv() returns an string of unknown size, so Coverity warns that it
might be used to overflow the stack in the call chain off
conf_read_simple().

To avoid that, wisdom says copy to an string of known size and pass
that.

Change-Id: I9e468de0ae66429062027f58fe0a0a4e1197218f
Coverity-ID: 150819
Signed-off-by: Inaky Perez-Gonzalez <[email protected]>

Author: inaky-intc

scripts/kconfig/conf.c

@@ -600,10 +600,22 @@ int main(int ac, char **av)
 		if (!name)
 			break;
 		if ((strcmp(name, "") != 0) && (strcmp(name, "1") != 0)) {
-			if (conf_read_simple(name, S_DEF_USER)) {
+			/*
+			 * "640kb ought to be enough for anybody" sic
+			 *
+			 * Limit the _name variable, as environment
+			 * wise it is not limited and this way we
+			 * ensure there can be no attacks through it.
+			 *
+			 * Coverity made me do it.
+			 */
+			char _name[256];
+
+			strncpy(_name, name, sizeof(_name));
+			if (conf_read_simple(_name, S_DEF_USER)) {
 				fprintf(stderr,
 					_("*** Can't read seed configuration \"%s\"!\n"),
-					name);
+					_name);
 				exit(1);
 			}
 			break;