diff options
| author | Tomasz Unger <tomasz.unger@yahoo.pl> | 2026-03-01 15:12:54 +0300 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-03-04 04:12:46 +0300 |
| commit | e63f5918adb8efa7d9609585318db773ac7cd241 (patch) | |
| tree | 2eafd1875920cf5378aba0ef2d51223e5f6ec4e4 | |
| parent | ed0abfe93fd135dac223e87a3c945017b1fa8bfc (diff) | |
| download | linux-e63f5918adb8efa7d9609585318db773ac7cd241.tar.xz | |
NFC: pn544: i2c: Replace strcpy() with strscpy()
Replace strcpy() with strscpy() which limits the copy to the size of
the destination buffer. Since phy->firmware_name is an array, the
two-argument variant of strscpy() is used - the compiler deduces
the buffer size automatically.
This is a defensive cleanup. As pointed out by Jakub Kicinski
<kuba@kernel.org>, firmware_name is already bounded to
NFC_FIRMWARE_NAME_MAXSIZE via nla_strscpy() in net/nfc/netlink.c
before reaching this driver, so no actual buffer overflow is possible.
Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260301121254.174354-1-tomasz.unger@yahoo.pl
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | drivers/nfc/pn544/i2c.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c index a0dfb3f98d5a..b31b5bef7187 100644 --- a/drivers/nfc/pn544/i2c.c +++ b/drivers/nfc/pn544/i2c.c @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name, pr_info("Starting Firmware Download (%s)\n", firmware_name); - strcpy(phy->firmware_name, firmware_name); + strscpy(phy->firmware_name, firmware_name); phy->hw_variant = hw_variant; phy->fw_work_state = FW_WORK_STATE_START; |