strncpy() function is actively dangerous to use since it may not
NUL-terminate the destination string, resulting in potential memory
content exposures, unbounded reads, or crashes. strcpy() performs
no bounds checking on the destination buffer. The safe replacement
is strscpy() which is specific to the Linux kernel.
Signed-off-by: Calvince Otieno <calvncce@xxxxxxxxx>
---
drivers/staging/wlan-ng/prism2fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/wlan-ng/prism2fw.c b/drivers/staging/wlan-ng/prism2fw.c
index 5d03b2b9aab4..57a99dd12143 100644
--- a/drivers/staging/wlan-ng/prism2fw.c
+++ b/drivers/staging/wlan-ng/prism2fw.c
@@ -725,7 +725,7 @@ static int plugimage(struct imgchunk *fchunk, unsigned int nfchunks,
if (j == -1) { /* plug the filename */
memset(dest, 0, s3plug[i].len);
- strncpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
+ strscpy(dest, PRISM2_USB_FWFILE, s3plug[i].len - 1);
} else { /* plug a PDR */
memcpy(dest, &pda->rec[j]->data, s3plug[i].len);
}
