strlcpy() reads the entire source buffer first. This read may exceed the destination size limit. This is both inefficient and can lead to linear read overflows if a source string is not NUL-terminated [1]. In an effort to remove strlcpy() completely [2], replace strlcpy() here with strscpy(). No return values were used, so direct replacement is safe. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy [2] https://github.com/KSPP/linux/issues/89 Signed-off-by: Azeem Shaikh <azeemshaikh38@xxxxxxxxx> --- drivers/target/target_core_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index 15ffc8d2ac7b..22cc6cac0ba2 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -2820,14 +2820,14 @@ static ssize_t tcmu_dev_config_store(struct config_item *item, const char *page, pr_err("Unable to reconfigure device\n"); return ret; } - strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN); + strscpy(udev->dev_config, page, TCMU_CONFIG_LEN); ret = tcmu_update_uio_info(udev); if (ret) return ret; return count; } - strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN); + strscpy(udev->dev_config, page, TCMU_CONFIG_LEN); return count; } -- 2.41.0.162.gfafddb0af9-goog
