| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250705133600.186441-1-miguelgarciaroman8@gmail.com>
Date: Sat, 5 Jul 2025 15:36:00 +0200
From: Miguel García <miguelgarciaroman8@...il.com>
To: linux-wireless@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
briannorris@...omium.org,
francesco@...cini.it,
thomas.weissschuh@...utronix.de,
tglx@...utronix.de,
johannes.berg@...el.com,
mingo@...nel.org,
christophe.jaillet@...adoo.fr,
skhan@...uxfoundation.org,
Miguel García <miguelgarciaroman8@...il.com>
Subject: [PATCH] mwifiex: replace deprecated strcpy() with strscpy()
strcpy() is deprecated for NUL-terminated strings because it may overflow
the destination buffer and does not guarantee termination. strscpy()
avoids these issues.
adapter->fw_name is a fixed-size char array (64 bytes). All source
strings copied here are bounded literals or validated inputs, so no
return-value handling is required.
Signed-off-by: Miguel García <miguelgarciaroman8@...il.com>
---
drivers/net/wireless/marvell/mwifiex/pcie.c | 40 ++++++++++++++-------
1 file changed, 28 insertions(+), 12 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index a760de191fce..2aad9ab210e0 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -3098,9 +3098,8 @@ static int mwifiex_pcie_request_irq(struct mwifiex_adapter *adapter)
}
/*
- * This function gets the firmware name for downloading by revision id
- *
- * Read revision id register to get revision id
+ * Get firmware name for download by revision id
+ * Uses strscpy() to ensure NUL-termination and avoid overflow.
*/
static void mwifiex_pcie_get_fw_name(struct mwifiex_adapter *adapter)
{
@@ -3110,39 +3109,56 @@ static void mwifiex_pcie_get_fw_name(struct mwifiex_adapter *adapter)
switch (card->dev->device) {
case PCIE_DEVICE_ID_MARVELL_88W8766P:
- strcpy(adapter->fw_name, PCIE8766_DEFAULT_FW_NAME);
+ strscpy(adapter->fw_name,
+ PCIE8766_DEFAULT_FW_NAME,
+ sizeof(adapter->fw_name));
break;
+
case PCIE_DEVICE_ID_MARVELL_88W8897:
mwifiex_write_reg(adapter, 0x0c58, 0x80c00000);
mwifiex_read_reg(adapter, 0x0c58, &revision_id);
revision_id &= 0xff00;
+
switch (revision_id) {
case PCIE8897_A0:
- strcpy(adapter->fw_name, PCIE8897_A0_FW_NAME);
+ strscpy(adapter->fw_name,
+ PCIE8897_A0_FW_NAME,
+ sizeof(adapter->fw_name));
break;
case PCIE8897_B0:
- strcpy(adapter->fw_name, PCIE8897_B0_FW_NAME);
+ strscpy(adapter->fw_name,
+ PCIE8897_B0_FW_NAME,
+ sizeof(adapter->fw_name));
break;
default:
- strcpy(adapter->fw_name, PCIE8897_DEFAULT_FW_NAME);
-
+ strscpy(adapter->fw_name,
+ PCIE8897_DEFAULT_FW_NAME,
+ sizeof(adapter->fw_name));
break;
}
break;
+
case PCIE_DEVICE_ID_MARVELL_88W8997:
mwifiex_read_reg(adapter, 0x8, &revision_id);
mwifiex_read_reg(adapter, 0x0cd0, &version);
mwifiex_read_reg(adapter, 0x0cd4, &magic);
+
revision_id &= 0xff;
- version &= 0x7;
- magic &= 0xff;
+ version &= 0x7;
+ magic &= 0xff;
+
if (revision_id == PCIE8997_A1 &&
magic == CHIP_MAGIC_VALUE &&
version == CHIP_VER_PCIEUART)
- strcpy(adapter->fw_name, PCIEUART8997_FW_NAME_V4);
+ strscpy(adapter->fw_name,
+ PCIEUART8997_FW_NAME_V4,
+ sizeof(adapter->fw_name));
else
- strcpy(adapter->fw_name, PCIEUSB8997_FW_NAME_V4);
+ strscpy(adapter->fw_name,
+ PCIEUSB8997_FW_NAME_V4,
+ sizeof(adapter->fw_name));
break;
+
default:
break;
}
--
2.34.1
Powered by blists - more mailing lists