[PATCH net-next v4] NFC: pn544: i2c: Replace strcpy() with strscpy()

[PATCH net-next v4] NFC: pn544: i2c: Replace strcpy() with strscpy()

[tomasz.unger]

From: Tomasz Unger <tomasz.unger@yahoo.pl>

Replace strcpy() with strscpy() which limits the copy to the size of
the destination buffer. Since phy->firmware_name is an array, the
two-argument variant of strscpy() is used - the compiler deduces
the buffer size automatically.

This is a defensive cleanup. As pointed out by Jakub Kicinski
<kuba@kernel.org>, firmware_name is already bounded to
NFC_FIRMWARE_NAME_MAXSIZE via nla_strscpy() in net/nfc/netlink.c
before reaching this driver, so no actual buffer overflow is possible.

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
Changes since v3:
- Reworded commit message: removed "bug fix" and "buffer overflow"
  language as pointed out by Jakub Kicinski <kuba@kernel.org>;
  firmware_name is already bounded via nla_strscpy() in netlink.c
- Changed submission target from net to net-next (cleanup, not a fix)

Testing:
- checkpatch.pl: 0 errors, 0 warnings
- make M=drivers/nfc/pn544/: compiled successfully, 0 errors, 0 warnings

 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index a0dfb3f98d5a..b31b5bef7187 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name);
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;

-- 
2.53.0

Re: [PATCH net-next v4] NFC: pn544: i2c: Replace strcpy() with strscpy()

[Simon Horman]

On Sun, Mar 01, 2026 at 01:12:54PM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
> 
> Replace strcpy() with strscpy() which limits the copy to the size of
> the destination buffer. Since phy->firmware_name is an array, the
> two-argument variant of strscpy() is used - the compiler deduces
> the buffer size automatically.
> 
> This is a defensive cleanup. As pointed out by Jakub Kicinski
> <kuba@kernel.org>, firmware_name is already bounded to
> NFC_FIRMWARE_NAME_MAXSIZE via nla_strscpy() in net/nfc/netlink.c
> before reaching this driver, so no actual buffer overflow is possible.
> 
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
> ---
> Changes since v3:
> - Reworded commit message: removed "bug fix" and "buffer overflow"
>   language as pointed out by Jakub Kicinski <kuba@kernel.org>;
>   firmware_name is already bounded via nla_strscpy() in netlink.c
> - Changed submission target from net to net-next (cleanup, not a fix)
> 
> Testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make M=drivers/nfc/pn544/: compiled successfully, 0 errors, 0 warnings

Reviewed-by: Simon Horman <horms@kernel.org>

Re: [PATCH net-next v4] NFC: pn544: i2c: Replace strcpy() with strscpy()

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Sun,  1 Mar 2026 13:12:54 +0100 you wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
> 
> Replace strcpy() with strscpy() which limits the copy to the size of
> the destination buffer. Since phy->firmware_name is an array, the
> two-argument variant of strscpy() is used - the compiler deduces
> the buffer size automatically.
> 
> [...]

Here is the summary with links:
  - [net-next,v4] NFC: pn544: i2c: Replace strcpy() with strscpy()
    https://git.kernel.org/netdev/net-next/c/e63f5918adb8

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html