[PATCH 1/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_set_default_crypt_stat_vals

[PATCH 1/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_set_default_crypt_stat_vals

[Thorsten Blum]

strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Replace
it with the safer strscpy().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/ecryptfs/crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 69536cacdea8..2c37ee6a8be1 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -21,6 +21,7 @@
 #include <linux/file.h>
 #include <linux/scatterlist.h>
 #include <linux/slab.h>
+#include <linux/string.h>
 #include <linux/unaligned.h>
 #include <linux/kernel.h>
 #include <linux/xattr.h>
@@ -717,7 +718,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
 	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
 						      mount_crypt_stat);
 	ecryptfs_set_default_sizes(crypt_stat);
-	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
+	strscpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
 	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
 	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
 	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

[PATCH 2/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_cipher_code_to_string

[Thorsten Blum]

strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Since
the parameter 'char *str' is just a pointer with no size information,
extend the function with a 'size' parameter to pass the destination
buffer's size as an additional argument. Adjust the call sites
accordingly.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/ecryptfs/crypto.c          | 6 ++++--
 fs/ecryptfs/ecryptfs_kernel.h | 2 +-
 fs/ecryptfs/keystore.c        | 9 +++++++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 2c37ee6a8be1..c99fc60a4e3b 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -934,11 +934,12 @@ u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
 /**
  * ecryptfs_cipher_code_to_string
  * @str: Destination to write out the cipher name
+ * @size: Destination buffer size
  * @cipher_code: The code to convert to cipher name string
  *
  * Returns zero on success
  */
-int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
+int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code)
 {
 	int rc = 0;
 	int i;
@@ -946,7 +947,8 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
 	str[0] = '\0';
 	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
 		if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
-			strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
+			strscpy(str, ecryptfs_cipher_code_str_map[i].cipher_str,
+				size);
 	if (str[0] == '\0') {
 		ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
 				"[%d]\n", cipher_code);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 9e6ab0b41337..0d824350f31a 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -577,7 +577,7 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode);
 int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
 					    struct inode *inode);
 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
-int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
+int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code);
 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
 int ecryptfs_generate_key_packet_set(char *dest_base,
 				     struct ecryptfs_crypt_stat *crypt_stat,
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 7f9f68c00ef6..b5204ab3150d 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -954,7 +954,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
 	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 	(*packet_size) += ECRYPTFS_SIG_SIZE;
 	s->cipher_code = data[(*packet_size)++];
-	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
+	rc = ecryptfs_cipher_code_to_string(s->cipher_string,
+					    sizeof(s->cipher_string),
+					    s->cipher_code);
 	if (rc) {
 		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
 		       __func__, s->cipher_code);
@@ -1172,7 +1174,9 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
 	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
 	       auth_tok->session_key.decrypted_key_size);
 	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
-	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
+	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
+					    sizeof(crypt_stat->cipher),
+					    cipher_code);
 	if (rc) {
 		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
 				cipher_code);
@@ -1438,6 +1442,7 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
 		goto out_free;
 	}
 	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
+					    sizeof(crypt_stat->cipher),
 					    (u16)data[(*packet_size)]);
 	if (rc)
 		goto out_free;
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Re: [PATCH 2/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_cipher_code_to_string

[Tyler Hicks]

On 2025-12-13 12:04:52, Thorsten Blum wrote:
> strcpy() has been deprecated [1] because it performs no bounds checking
> on the destination buffer, which can lead to buffer overflows. Since
> the parameter 'char *str' is just a pointer with no size information,
> extend the function with a 'size' parameter to pass the destination
> buffer's size as an additional argument. Adjust the call sites
> accordingly.
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>

Acked-by: Tyler Hicks <code@tyhicks.com>

> ---
>  fs/ecryptfs/crypto.c          | 6 ++++--
>  fs/ecryptfs/ecryptfs_kernel.h | 2 +-
>  fs/ecryptfs/keystore.c        | 9 +++++++--
>  3 files changed, 12 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
> index 2c37ee6a8be1..c99fc60a4e3b 100644
> --- a/fs/ecryptfs/crypto.c
> +++ b/fs/ecryptfs/crypto.c
> @@ -934,11 +934,12 @@ u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes)
>  /**
>   * ecryptfs_cipher_code_to_string
>   * @str: Destination to write out the cipher name
> + * @size: Destination buffer size
>   * @cipher_code: The code to convert to cipher name string
>   *
>   * Returns zero on success
>   */
> -int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
> +int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code)
>  {
>  	int rc = 0;
>  	int i;
> @@ -946,7 +947,8 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
>  	str[0] = '\0';
>  	for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
>  		if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
> -			strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
> +			strscpy(str, ecryptfs_cipher_code_str_map[i].cipher_str,
> +				size);
>  	if (str[0] == '\0') {
>  		ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
>  				"[%d]\n", cipher_code);
> diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
> index 9e6ab0b41337..0d824350f31a 100644
> --- a/fs/ecryptfs/ecryptfs_kernel.h
> +++ b/fs/ecryptfs/ecryptfs_kernel.h
> @@ -577,7 +577,7 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode);
>  int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
>  					    struct inode *inode);
>  u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
> -int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
> +int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code);
>  void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
>  int ecryptfs_generate_key_packet_set(char *dest_base,
>  				     struct ecryptfs_crypt_stat *crypt_stat,
> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
> index 7f9f68c00ef6..b5204ab3150d 100644
> --- a/fs/ecryptfs/keystore.c
> +++ b/fs/ecryptfs/keystore.c
> @@ -954,7 +954,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
>  	s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0';
>  	(*packet_size) += ECRYPTFS_SIG_SIZE;
>  	s->cipher_code = data[(*packet_size)++];
> -	rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code);
> +	rc = ecryptfs_cipher_code_to_string(s->cipher_string,
> +					    sizeof(s->cipher_string),
> +					    s->cipher_code);
>  	if (rc) {
>  		printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n",
>  		       __func__, s->cipher_code);
> @@ -1172,7 +1174,9 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
>  	memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
>  	       auth_tok->session_key.decrypted_key_size);
>  	crypt_stat->key_size = auth_tok->session_key.decrypted_key_size;
> -	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code);
> +	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
> +					    sizeof(crypt_stat->cipher),
> +					    cipher_code);
>  	if (rc) {
>  		ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n",
>  				cipher_code);
> @@ -1438,6 +1442,7 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
>  		goto out_free;
>  	}
>  	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
> +					    sizeof(crypt_stat->cipher),
>  					    (u16)data[(*packet_size)]);
>  	if (rc)
>  		goto out_free;
> -- 
> Thorsten Blum <thorsten.blum@linux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4
> 

[PATCH 3/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options

[Thorsten Blum]

strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Replace
it with the safer strscpy().

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/ecryptfs/main.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 16ea14dd2c62..636aff7a48cf 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -22,6 +22,7 @@
 #include <linux/fs_stack.h>
 #include <linux/sysfs.h>
 #include <linux/slab.h>
+#include <linux/string.h>
 #include <linux/magic.h>
 #include "ecryptfs_kernel.h"
 
@@ -353,13 +354,13 @@ static int ecryptfs_validate_options(struct fs_context *fc)
 		int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
 
 		BUG_ON(cipher_name_len > ECRYPTFS_MAX_CIPHER_NAME_SIZE);
-		strcpy(mount_crypt_stat->global_default_cipher_name,
-		       ECRYPTFS_DEFAULT_CIPHER);
+		strscpy(mount_crypt_stat->global_default_cipher_name,
+			ECRYPTFS_DEFAULT_CIPHER);
 	}
 	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
 	    && !ctx->fn_cipher_name_set)
-		strcpy(mount_crypt_stat->global_default_fn_cipher_name,
-		       mount_crypt_stat->global_default_cipher_name);
+		strscpy(mount_crypt_stat->global_default_fn_cipher_name,
+			mount_crypt_stat->global_default_cipher_name);
 	if (!ctx->cipher_key_bytes_set)
 		mount_crypt_stat->global_default_cipher_key_size = 0;
 	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Re: [PATCH 3/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options

[Tyler Hicks]

On 2025-12-13 12:04:54, Thorsten Blum wrote:
> strcpy() has been deprecated [1] because it performs no bounds checking
> on the destination buffer, which can lead to buffer overflows. Replace
> it with the safer strscpy().
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>

Acked-by: Tyler Hicks <code@tyhicks.com>

> ---
>  fs/ecryptfs/main.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index 16ea14dd2c62..636aff7a48cf 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -22,6 +22,7 @@
>  #include <linux/fs_stack.h>
>  #include <linux/sysfs.h>
>  #include <linux/slab.h>
> +#include <linux/string.h>
>  #include <linux/magic.h>
>  #include "ecryptfs_kernel.h"
>  
> @@ -353,13 +354,13 @@ static int ecryptfs_validate_options(struct fs_context *fc)
>  		int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
>  
>  		BUG_ON(cipher_name_len > ECRYPTFS_MAX_CIPHER_NAME_SIZE);
> -		strcpy(mount_crypt_stat->global_default_cipher_name,
> -		       ECRYPTFS_DEFAULT_CIPHER);
> +		strscpy(mount_crypt_stat->global_default_cipher_name,
> +			ECRYPTFS_DEFAULT_CIPHER);
>  	}
>  	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
>  	    && !ctx->fn_cipher_name_set)
> -		strcpy(mount_crypt_stat->global_default_fn_cipher_name,
> -		       mount_crypt_stat->global_default_cipher_name);
> +		strscpy(mount_crypt_stat->global_default_fn_cipher_name,
> +			mount_crypt_stat->global_default_cipher_name);
>  	if (!ctx->cipher_key_bytes_set)
>  		mount_crypt_stat->global_default_cipher_key_size = 0;
>  	if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
> -- 
> Thorsten Blum <thorsten.blum@linux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4
> 

Re: [PATCH 1/3] ecryptfs: Replace strcpy with strscpy in ecryptfs_set_default_crypt_stat_vals

[Tyler Hicks]

On 2025-12-13 12:04:50, Thorsten Blum wrote:
> strcpy() has been deprecated [1] because it performs no bounds checking
> on the destination buffer, which can lead to buffer overflows. Replace
> it with the safer strscpy().
> 
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>

Acked-by: Tyler Hicks <code@tyhicks.com>

> ---
>  fs/ecryptfs/crypto.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
> index 69536cacdea8..2c37ee6a8be1 100644
> --- a/fs/ecryptfs/crypto.c
> +++ b/fs/ecryptfs/crypto.c
> @@ -21,6 +21,7 @@
>  #include <linux/file.h>
>  #include <linux/scatterlist.h>
>  #include <linux/slab.h>
> +#include <linux/string.h>
>  #include <linux/unaligned.h>
>  #include <linux/kernel.h>
>  #include <linux/xattr.h>
> @@ -717,7 +718,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
>  	ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
>  						      mount_crypt_stat);
>  	ecryptfs_set_default_sizes(crypt_stat);
> -	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
> +	strscpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
>  	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
>  	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
>  	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
> -- 
> Thorsten Blum <thorsten.blum@linux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4
>