[PATCH 3/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options
From: Thorsten Blum
Date: Sat Dec 13 2025 - 06:06:55 EST
strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Replace
it with the safer strscpy().
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
---
fs/ecryptfs/main.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 16ea14dd2c62..636aff7a48cf 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -22,6 +22,7 @@
#include <linux/fs_stack.h>
#include <linux/sysfs.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <linux/magic.h>
#include "ecryptfs_kernel.h"
@@ -353,13 +354,13 @@ static int ecryptfs_validate_options(struct fs_context *fc)
int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
BUG_ON(cipher_name_len > ECRYPTFS_MAX_CIPHER_NAME_SIZE);
- strcpy(mount_crypt_stat->global_default_cipher_name,
- ECRYPTFS_DEFAULT_CIPHER);
+ strscpy(mount_crypt_stat->global_default_cipher_name,
+ ECRYPTFS_DEFAULT_CIPHER);
}
if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
&& !ctx->fn_cipher_name_set)
- strcpy(mount_crypt_stat->global_default_fn_cipher_name,
- mount_crypt_stat->global_default_cipher_name);
+ strscpy(mount_crypt_stat->global_default_fn_cipher_name,
+ mount_crypt_stat->global_default_cipher_name);
if (!ctx->cipher_key_bytes_set)
mount_crypt_stat->global_default_cipher_key_size = 0;
if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
--
Thorsten Blum <thorsten.blum@xxxxxxxxx>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4