On Wed, Aug 21, 2024 at 12:12:16AM +0530, Abhishek Tamboli wrote:
> Replace strcpy() with strscpy() in rtl819x_translate_scan()
> function to ensure buffer safety.
>
> Signed-off-by: Abhishek Tamboli <abhishektamboli9@xxxxxxxxx>
> ---
> drivers/staging/rtl8192e/rtllib_wx.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/rtl8192e/rtllib_wx.c b/drivers/staging/rtl8192e/rtllib_wx.c
> index fbd4ec824084..970b7fcb3f7e 100644
> --- a/drivers/staging/rtl8192e/rtllib_wx.c
> +++ b/drivers/staging/rtl8192e/rtllib_wx.c
> @@ -61,7 +61,7 @@ static inline char *rtl819x_translate_scan(struct rtllib_device *ieee,
> iwe.cmd = SIOCGIWNAME;
> for (i = 0; i < ARRAY_SIZE(rtllib_modes); i++) {
> if (network->mode & BIT(i)) {
> - strcpy(pname, rtllib_modes[i]);
> + strscpy(pname, rtllib_modes[i], sizeof(pname));
^^^^^
pname is a pointer, not an array, so this doesn't work.
> pname += strlen(rtllib_modes[i]);
^^^^^^^^
pname is incremented here.
What this loop is doing is that it's going through all the network modes and
adding to the string. You should look at the rtllib_modes[] array and ensure
that if we printed every string it would fit into pname. (Currently that is not
the case. Probably not all network modes are possible. But I have looked at
this code and I'm saying that we should just ensure that we could handle it if
they were all possible).
Feel free to re-format the code how ever you want to make that happen.
regards,
dan carpenter
