]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c1201b3)
keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)
authorDavid Laight <david.laight.linux@gmail.com>
Sat, 6 Jun 2026 20:26:03 +0000 (21:26 +0100)
committerJarkko Sakkinen <jarkko@kernel.org>
Mon, 15 Jun 2026 12:19:13 +0000 (15:19 +0300)
derived_buf is guaranteed to be HASH_SIZE - and it is more than enough.
The strscpy() degenerates into an memcpy() (as did the strcpy()).
Do the same for the associated "ENC_KEY" copy.

Removes a possibly unbounded strcpy().

Signed-off-by: David Laight <david.laight.linux@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lore.kernel.org/r/20260606202633.5018-9-david.laight.linux@gmail.com
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/keys/encrypted-keys/encrypted.c patch | blob | blame | history

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1ec1c620aa7f88230b68b5558fb430..59cb77b237b36d8730995bf7c1b86530cdda1a43 100644 (file)
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -343,9 +343,9 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
                return -ENOMEM;
 
        if (key_type)
-               strcpy(derived_buf, "AUTH_KEY");
+               strscpy(derived_buf, "AUTH_KEY", HASH_SIZE);
        else
-               strcpy(derived_buf, "ENC_KEY");
+               strscpy(derived_buf, "ENC_KEY", HASH_SIZE);
 
        memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
               master_keylen);
A mirror of Linus' kernel repository