From: Luca Boccassi Date: Sat, 28 Mar 2026 19:35:36 +0000 (+0000) Subject: scsi_id: use strscpy instead of strncpy for wwn fields X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=86fd0337c652b04755008cdca23e2d9c727fa9a9;p=thirdparty%2Fsystemd.git scsi_id: use strscpy instead of strncpy for wwn fields strncpy does not null-terminate the destination buffer if the source string is longer than the count parameter. Since wwn and wwn_vendor_extension are char[17] and we copy up to 16 bytes, there's a risk of missing null termination. Use strscpy which always null-terminates. CID#1469706 Follow-up for 4e9fdfccbdd16f0cfdb5c8fa8484a8ba0f2e69d3 --- diff --git a/src/udev/scsi_id/scsi_serial.c b/src/udev/scsi_id/scsi_serial.c index 20caf695bf4..82557e3b057 100644 --- a/src/udev/scsi_id/scsi_serial.c +++ b/src/udev/scsi_id/scsi_serial.c @@ -21,6 +21,7 @@ #include "scsi.h" #include "scsi_id.h" #include "string-util.h" +#include "strxcpyx.h" #include "time-util.h" /* @@ -517,9 +518,9 @@ static int check_fill_0x83_id(struct scsi_id_device *dev_scsi, strcpy(serial_short, serial + s); if (id_search->id_type == SCSI_ID_NAA && wwn != NULL) { - strncpy(wwn, serial + s, 16); + strscpy(wwn, 17, serial + s); if (wwn_vendor_extension) - strncpy(wwn_vendor_extension, serial + s + 16, 16); + strscpy(wwn_vendor_extension, 17, serial + s + 16); } return 0;