lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20250705133600.186441-1-miguelgarciaroman8@gmail.com>
Date: Sat,  5 Jul 2025 15:36:00 +0200
From: Miguel García <miguelgarciaroman8@...il.com>
To: linux-wireless@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	briannorris@...omium.org,
	francesco@...cini.it,
	thomas.weissschuh@...utronix.de,
	tglx@...utronix.de,
	johannes.berg@...el.com,
	mingo@...nel.org,
	christophe.jaillet@...adoo.fr,
	skhan@...uxfoundation.org,
	Miguel García <miguelgarciaroman8@...il.com>
Subject: [PATCH] mwifiex: replace deprecated strcpy() with strscpy()

strcpy() is deprecated for NUL-terminated strings because it may overflow
the destination buffer and does not guarantee termination.  strscpy()
avoids these issues.

adapter->fw_name is a fixed-size char array (64 bytes).  All source
strings copied here are bounded literals or validated inputs, so no
return-value handling is required.

Signed-off-by: Miguel García <miguelgarciaroman8@...il.com>
---
 drivers/net/wireless/marvell/mwifiex/pcie.c | 40 ++++++++++++++-------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index a760de191fce..2aad9ab210e0 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -3098,9 +3098,8 @@ static int mwifiex_pcie_request_irq(struct mwifiex_adapter *adapter)
 }
 
 /*
- * This function gets the firmware name for downloading by revision id
- *
- * Read revision id register to get revision id
+ * Get firmware name for download by revision id
+ * Uses strscpy() to ensure NUL-termination and avoid overflow.
  */
 static void mwifiex_pcie_get_fw_name(struct mwifiex_adapter *adapter)
 {
@@ -3110,39 +3109,56 @@ static void mwifiex_pcie_get_fw_name(struct mwifiex_adapter *adapter)
 
 	switch (card->dev->device) {
 	case PCIE_DEVICE_ID_MARVELL_88W8766P:
-		strcpy(adapter->fw_name, PCIE8766_DEFAULT_FW_NAME);
+		strscpy(adapter->fw_name,
+			PCIE8766_DEFAULT_FW_NAME,
+			sizeof(adapter->fw_name));
 		break;
+
 	case PCIE_DEVICE_ID_MARVELL_88W8897:
 		mwifiex_write_reg(adapter, 0x0c58, 0x80c00000);
 		mwifiex_read_reg(adapter, 0x0c58, &revision_id);
 		revision_id &= 0xff00;
+
 		switch (revision_id) {
 		case PCIE8897_A0:
-			strcpy(adapter->fw_name, PCIE8897_A0_FW_NAME);
+			strscpy(adapter->fw_name,
+				PCIE8897_A0_FW_NAME,
+				sizeof(adapter->fw_name));
 			break;
 		case PCIE8897_B0:
-			strcpy(adapter->fw_name, PCIE8897_B0_FW_NAME);
+			strscpy(adapter->fw_name,
+				PCIE8897_B0_FW_NAME,
+				sizeof(adapter->fw_name));
 			break;
 		default:
-			strcpy(adapter->fw_name, PCIE8897_DEFAULT_FW_NAME);
-
+			strscpy(adapter->fw_name,
+				PCIE8897_DEFAULT_FW_NAME,
+				sizeof(adapter->fw_name));
 			break;
 		}
 		break;
+
 	case PCIE_DEVICE_ID_MARVELL_88W8997:
 		mwifiex_read_reg(adapter, 0x8, &revision_id);
 		mwifiex_read_reg(adapter, 0x0cd0, &version);
 		mwifiex_read_reg(adapter, 0x0cd4, &magic);
+
 		revision_id &= 0xff;
-		version &= 0x7;
-		magic &= 0xff;
+		version     &= 0x7;
+		magic       &= 0xff;
+
 		if (revision_id == PCIE8997_A1 &&
 		    magic == CHIP_MAGIC_VALUE &&
 		    version == CHIP_VER_PCIEUART)
-			strcpy(adapter->fw_name, PCIEUART8997_FW_NAME_V4);
+			strscpy(adapter->fw_name,
+				PCIEUART8997_FW_NAME_V4,
+				sizeof(adapter->fw_name));
 		else
-			strcpy(adapter->fw_name, PCIEUSB8997_FW_NAME_V4);
+			strscpy(adapter->fw_name,
+				PCIEUSB8997_FW_NAME_V4,
+				sizeof(adapter->fw_name));
 		break;
+
 	default:
 		break;
 	}
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ