[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

[tomasz.unger]

From: Tomasz Unger <tomasz.unger@yahoo.pl>

strcpy() does not limit the number of bytes copied which can lead to
buffer overflow. Replace with strscpy() which is safer as it limits
the copy to the size of the destination buffer.

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index 1ecef0acaa50..b897357732fa 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;
-- 
2.53.0

Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

[Jakub Kicinski]

On Thu, 19 Feb 2026 20:24:16 +0100 tomasz.unger@yahoo.pl wrote:
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.

## Form letter - net-next-closed

We have already submitted our pull request with net-next material for v7.0,
and therefore net-next is closed for new drivers, features, code refactoring
and optimizations. We are currently accepting bug fixes only.

Please repost when net-next reopens after Feb 23rd.

RFC patches sent for review only are obviously welcome at any time.

See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle
-- 
pw-bot: defer
pv-bot: closed

[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

[tomasz.unger]

From: Tomasz Unger <tomasz.unger@yahoo.pl>

strcpy() does not limit the number of bytes copied which can lead to
buffer overflow. Replace with strscpy() which is safer as it limits
the copy to the size of the destination buffer.

Compilation testing:
- checkpatch.pl: 0 errors, 0 warnings
- make drivers/nfc/pn544/i2c.o: compiled successfully

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index a0dfb3f98d5a..7261e12aa6b5 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;
-- 
2.53.0

Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

[Simon Horman]

On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
> 
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
> 
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
> 
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>

I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?

Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.

	Subject: [PATCH net] ...

And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.

Otherwise it would be best to explicitly target this patch at
the net-next tree:

	Subject: [PATCH net-next] ...

AI generated review flagged that this looks like a bug fix.

> ---
>  drivers/nfc/pn544/i2c.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>  
>  	pr_info("Starting Firmware Download (%s)\n", firmware_name);
>  
> -	strcpy(phy->firmware_name, firmware_name);
> +	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));

phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.

>  
>  	phy->hw_variant = hw_variant;
>  	phy->fw_work_state = FW_WORK_STATE_START;

-- 
pw-bot: changes-requested