From: David Laight <david.laight.linux@gmail.com>
Date: Sat, 6 Jun 2026 20:26:03 +0000 (+0100)
Subject: keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44b9597fea4b4d6d79d8b70a297ea425e05543c1;p=thirdparty%2Flinux.git

keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)

derived_buf is guaranteed to be HASH_SIZE - and it is more than enough.
The strscpy() degenerates into an memcpy() (as did the strcpy()).
Do the same for the associated "ENC_KEY" copy.

Removes a possibly unbounded strcpy().

Signed-off-by: David Laight <david.laight.linux@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lore.kernel.org/r/20260606202633.5018-9-david.laight.linux@gmail.com
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1e..59cb77b237b3 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -343,9 +343,9 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
 		return -ENOMEM;
 
 	if (key_type)
-		strcpy(derived_buf, "AUTH_KEY");
+		strscpy(derived_buf, "AUTH_KEY", HASH_SIZE);
 	else
-		strcpy(derived_buf, "ENC_KEY");
+		strscpy(derived_buf, "ENC_KEY", HASH_SIZE);
 
 	memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
 	       master_keylen);