[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
       [not found] <20260224072242.32551-1-tomasz.unger.ref@yahoo.pl>
@ 2026-02-24  7:22 ` tomasz.unger
  2026-02-25  9:39   ` Simon Horman
  0 siblings, 1 reply; 4+ messages in thread
From: tomasz.unger @ 2026-02-24  7:22 UTC (permalink / raw)
  To: netdev; +Cc: linux-kernel, Tomasz Unger

From: Tomasz Unger <tomasz.unger@yahoo.pl>

strcpy() does not limit the number of bytes copied which can lead to
buffer overflow. Replace with strscpy() which is safer as it limits
the copy to the size of the destination buffer.

Compilation testing:
- checkpatch.pl: 0 errors, 0 warnings
- make drivers/nfc/pn544/i2c.o: compiled successfully

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index a0dfb3f98d5a..7261e12aa6b5 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
  2026-02-24  7:22 ` [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy() tomasz.unger
@ 2026-02-25  9:39   ` Simon Horman
  0 siblings, 0 replies; 4+ messages in thread
From: Simon Horman @ 2026-02-25  9:39 UTC (permalink / raw)
  To: tomasz.unger; +Cc: netdev, linux-kernel

On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
> 
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
> 
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
> 
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>

I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?

Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.

	Subject: [PATCH net] ...

And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.

Otherwise it would be best to explicitly target this patch at
the net-next tree:

	Subject: [PATCH net-next] ...

AI generated review flagged that this looks like a bug fix.

> ---
>  drivers/nfc/pn544/i2c.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>  
>  	pr_info("Starting Firmware Download (%s)\n", firmware_name);
>  
> -	strcpy(phy->firmware_name, firmware_name);
> +	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));

phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.

>  
>  	phy->hw_variant = hw_variant;
>  	phy->fw_work_state = FW_WORK_STATE_START;

-- 
pw-bot: changes-requested

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <20260219192416.97654-1-tomasz.unger.ref@yahoo.pl>]

* [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
       [not found] <20260219192416.97654-1-tomasz.unger.ref@yahoo.pl>
@ 2026-02-19 19:24 ` tomasz.unger
  2026-02-19 19:37   ` Jakub Kicinski
  0 siblings, 1 reply; 4+ messages in thread
From: tomasz.unger @ 2026-02-19 19:24 UTC (permalink / raw)
  To: netdev; +Cc: linux-kernel, Tomasz Unger

From: Tomasz Unger <tomasz.unger@yahoo.pl>

strcpy() does not limit the number of bytes copied which can lead to
buffer overflow. Replace with strscpy() which is safer as it limits
the copy to the size of the destination buffer.

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index 1ecef0acaa50..b897357732fa 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
  2026-02-19 19:24 ` tomasz.unger
@ 2026-02-19 19:37   ` Jakub Kicinski
  0 siblings, 0 replies; 4+ messages in thread
From: Jakub Kicinski @ 2026-02-19 19:37 UTC (permalink / raw)
  To: tomasz.unger; +Cc: netdev, linux-kernel

On Thu, 19 Feb 2026 20:24:16 +0100 tomasz.unger@yahoo.pl wrote:
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.

## Form letter - net-next-closed

We have already submitted our pull request with net-next material for v7.0,
and therefore net-next is closed for new drivers, features, code refactoring
and optimizations. We are currently accepting bug fixes only.

Please repost when net-next reopens after Feb 23rd.

RFC patches sent for review only are obviously welcome at any time.

See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle
-- 
pw-bot: defer
pv-bot: closed

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-02-25  9:39 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20260224072242.32551-1-tomasz.unger.ref@yahoo.pl>
2026-02-24  7:22 ` [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy() tomasz.unger
2026-02-25  9:39   ` Simon Horman
     [not found] <20260219192416.97654-1-tomasz.unger.ref@yahoo.pl>
2026-02-19 19:24 ` tomasz.unger
2026-02-19 19:37   ` Jakub Kicinski

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox