From: Tomasz Unger <tomasz.unger@yahoo.pl>
Date: Sun, 1 Mar 2026 12:12:54 +0000 (+0100)
Subject: NFC: pn544: i2c: Replace strcpy() with strscpy()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e63f5918adb8efa7d9609585318db773ac7cd241;p=thirdparty%2Fkernel%2Flinux.git

NFC: pn544: i2c: Replace strcpy() with strscpy()

Replace strcpy() with strscpy() which limits the copy to the size of
the destination buffer. Since phy->firmware_name is an array, the
two-argument variant of strscpy() is used - the compiler deduces
the buffer size automatically.

This is a defensive cleanup. As pointed out by Jakub Kicinski
<kuba@kernel.org>, firmware_name is already bounded to
NFC_FIRMWARE_NAME_MAXSIZE via nla_strscpy() in net/nfc/netlink.c
before reaching this driver, so no actual buffer overflow is possible.

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260301121254.174354-1-tomasz.unger@yahoo.pl
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index a0dfb3f98d5a9..b31b5bef71877 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name);
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;