lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251222100057.633988-1-thorsten.blum@linux.dev>
Date: Mon, 22 Dec 2025 11:00:57 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Mike Marshall <hubcap@...ibond.com>,
	Martin Brandenburg <martin@...ibond.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
	devel@...ts.orangefs.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] orangefs: Replace deprecated strcpy with strscpy

strcpy() has been deprecated [1] because it performs no bounds checking
on the destination buffer, which can lead to buffer overflows. Replace
it with the safer strscpy().  No functional changes.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1]
Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
 fs/orangefs/xattr.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fs/orangefs/xattr.c b/fs/orangefs/xattr.c
index eee3c5ed1bbb..a431aa07a229 100644
--- a/fs/orangefs/xattr.c
+++ b/fs/orangefs/xattr.c
@@ -152,7 +152,7 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 		goto out_unlock;
 
 	new_op->upcall.req.getxattr.refn = orangefs_inode->refn;
-	strcpy(new_op->upcall.req.getxattr.key, name);
+	strscpy(new_op->upcall.req.getxattr.key, name);
 
 	/*
 	 * NOTE: Although keys are meant to be NULL terminated textual
@@ -173,7 +173,7 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 				     (char *)new_op->upcall.req.getxattr.key);
 			cx = kmalloc(sizeof *cx, GFP_KERNEL);
 			if (cx) {
-				strcpy(cx->key, name);
+				strscpy(cx->key, name);
 				cx->length = -1;
 				cx->timeout = jiffies +
 				    orangefs_getattr_timeout_msecs*HZ/1000;
@@ -220,14 +220,14 @@ ssize_t orangefs_inode_getxattr(struct inode *inode, const char *name,
 	ret = length;
 
 	if (cx) {
-		strcpy(cx->key, name);
+		strscpy(cx->key, name);
 		memcpy(cx->val, buffer, length);
 		cx->length = length;
 		cx->timeout = jiffies + HZ;
 	} else {
 		cx = kmalloc(sizeof *cx, GFP_KERNEL);
 		if (cx) {
-			strcpy(cx->key, name);
+			strscpy(cx->key, name);
 			memcpy(cx->val, buffer, length);
 			cx->length = length;
 			cx->timeout = jiffies + HZ;
@@ -267,7 +267,7 @@ static int orangefs_inode_removexattr(struct inode *inode, const char *name,
 	 * textual strings, I am going to explicitly pass the
 	 * length just in case we change this later on...
 	 */
-	strcpy(new_op->upcall.req.removexattr.key, name);
+	strscpy(new_op->upcall.req.removexattr.key, name);
 	new_op->upcall.req.removexattr.key_sz = strlen(name) + 1;
 
 	gossip_debug(GOSSIP_XATTR_DEBUG,
@@ -361,7 +361,7 @@ int orangefs_inode_setxattr(struct inode *inode, const char *name,
 	 * strings, I am going to explicitly pass the length just in
 	 * case we change this later on...
 	 */
-	strcpy(new_op->upcall.req.setxattr.keyval.key, name);
+	strscpy(new_op->upcall.req.setxattr.keyval.key, name);
 	new_op->upcall.req.setxattr.keyval.key_sz = strlen(name) + 1;
 	memcpy(new_op->upcall.req.setxattr.keyval.val, value, size);
 	new_op->upcall.req.setxattr.keyval.val_sz = size;
-- 
Thorsten Blum <thorsten.blum@...ux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ