Re: [PATCH 3/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options

[Tyler Hicks]

On 2025-12-13 12:04:54, Thorsten Blum wrote:
> strcpy() has been deprecated [1] because it performs no bounds checking
> on the destination buffer, which can lead to buffer overflows. Replace
> it with the safer strscpy().
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>

Acked-by: Tyler Hicks <code@xxxxxxxxxxx>

> ---
>  fs/ecryptfs/main.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index 16ea14dd2c62..636aff7a48cf 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -22,6 +22,7 @@
>  #include <linux/fs_stack.h>
>  #include <linux/sysfs.h>
>  #include <linux/slab.h>
> +#include <linux/string.h>
>  #include <linux/magic.h>
>  #include "ecryptfs_kernel.h"
>  
> @@ -353,13 +354,13 @@ static int ecryptfs_validate_options(struct fs_context *fc)
>  		int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
>  
>  		BUG_ON(cipher_name_len > ECRYPTFS_MAX_CIPHER_NAME_SIZE);
> -		strcpy(mount_crypt_stat->global_default_cipher_name,
> -		       ECRYPTFS_DEFAULT_CIPHER);
> +		strscpy(mount_crypt_stat->global_default_cipher_name,
> +			ECRYPTFS_DEFAULT_CIPHER);
>  	}
>  	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
>  	    && !ctx->fn_cipher_name_set)
> -		strcpy(mount_crypt_stat->global_default_fn_cipher_name,
> -		       mount_crypt_stat->global_default_cipher_name);
> +		strscpy(mount_crypt_stat->global_default_fn_cipher_name,
> +			mount_crypt_stat->global_default_cipher_name);
>  	if (!ctx->cipher_key_bytes_set)
>  		mount_crypt_stat->global_default_cipher_key_size = 0;
>  	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
> -- 
> Thorsten Blum <thorsten.blum@xxxxxxxxx>
> GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4
>