On Sat, Jun 06, 2026 at 09:26:03PM +0100, [email protected] wrote: > From: David Laight <[email protected]> > > derived_buf is guaranteed to be HASH_SIZE - and it is more than enough. > The strscpy() degenerates into an memcpy() (as did the strcpy()). > Do the same for the associated "ENC_KEY" copy. > > Removes a possibly unbounded strcpy(). > > Signed-off-by: David Laight <[email protected]> > --- > This is one of a group of patches that remove potentially unbounded > strcpy() calls. > > They are mostly replaced by strscpy() or, when strlen() has just been > called, with memcpy() (usually including the '\0'). > > Calls with copy string literals into arrays are left unchanged. > They are safe and easily detected as such. > > The changes were made by getting the compiler to detect the calls and > then fixing the code by hand. > > Note that all the changes are only compile tested. > > Some Makefiles were changed to allow files to contain strcpy(). > As well as 'difficult to fix' files, this included 'show' functions > as they really need to use sysfs_emit() or seq_printf(). > > All the patches are being sent individually to avoid very long cc lists. > Apologies for the terse commit messages and likely unexpected tags. > (There are about 100 patches in total.) > > security/keys/encrypted-keys/encrypted.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/keys/encrypted-keys/encrypted.c > b/security/keys/encrypted-keys/encrypted.c > index 56b531587a1e..59cb77b237b3 100644 > --- a/security/keys/encrypted-keys/encrypted.c > +++ b/security/keys/encrypted-keys/encrypted.c > @@ -343,9 +343,9 @@ static int get_derived_key(u8 *derived_key, enum > derived_key_type key_type, > return -ENOMEM; > > if (key_type) > - strcpy(derived_buf, "AUTH_KEY"); > + strscpy(derived_buf, "AUTH_KEY", HASH_SIZE); > else > - strcpy(derived_buf, "ENC_KEY"); > + strscpy(derived_buf, "ENC_KEY", HASH_SIZE); > > memcpy(derived_buf + strlen(derived_buf) + 1, master_key, > master_keylen); > -- > 2.39.5 >
Reviewed-by: Jarkko Sakkinen <[email protected]> BR, Jarkko
