[PATCH] staging/wlan-ng: remove strcpy() use in favor of strscpy()

From: Calvince Otieno
Date: Thu Oct 12 2023 - 01:27:57 EST

Next message: Stephen Rothwell: "linux-next: Tree for Oct 12"
Previous message: kernel test robot: "Re: [PATCH V3 03/16] platform/x86/intel/vsec: Use cleanup.h"
Next in thread: Bagas Sanjaya: "Re: [PATCH] staging/wlan-ng: remove strcpy() use in favor of strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

strncpy() function is actively dangerous to use since it may not
NUL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes. strcpy() performs
no bounds checking on the destination buffer. The safe replacement
is strscpy() which is specific to the Linux kernel.

Signed-off-by: Calvince Otieno <calvncce@xxxxxxxxx>
---
drivers/staging/wlan-ng/prism2fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/wlan-ng/prism2fw.c b/drivers/staging/wlan-ng/prism2fw.c
index 5d03b2b9aab4..57a99dd12143 100644
--- a/drivers/staging/wlan-ng/prism2fw.c
+++ b/drivers/staging/wlan-ng/prism2fw.c
@@ -725,7 +725,7 @@ static int plugimage(struct imgchunk *fchunk, unsigned int nfchunks,

if (j == -1) { /* plug the filename */
memset(dest, 0, s3plug[i].len);
- strncpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
+ strscpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
} else { /* plug a PDR */
memcpy(dest, &pda->rec[j]->data, s3plug[i].len);
}

Next message: Stephen Rothwell: "linux-next: Tree for Oct 12"
Previous message: kernel test robot: "Re: [PATCH V3 03/16] platform/x86/intel/vsec: Use cleanup.h"
Next in thread: Bagas Sanjaya: "Re: [PATCH] staging/wlan-ng: remove strcpy() use in favor of strscpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]