aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
authorDavid Laight <david.laight.linux@gmail.com>2026-06-06 21:26:03 +0100
committerJarkko Sakkinen <jarkko@kernel.org>2026-06-15 15:19:13 +0300
commit44b9597fea4b4d6d79d8b70a297ea425e05543c1 (patch)
tree6a5c2fc143d34af7dc05089e7a8725aefd5392e9 /security
parentc1201b37f666f6466ab1fd3a381c2b7a4b7e9fee (diff)
downloadath-44b9597fea4b4d6d79d8b70a297ea425e05543c1.tar.gz
keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)
derived_buf is guaranteed to be HASH_SIZE - and it is more than enough. The strscpy() degenerates into an memcpy() (as did the strcpy()). Do the same for the associated "ENC_KEY" copy. Removes a possibly unbounded strcpy(). Signed-off-by: David Laight <david.laight.linux@gmail.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20260606202633.5018-9-david.laight.linux@gmail.com Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/encrypted-keys/encrypted.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 56b531587a1ec..59cb77b237b36 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -343,9 +343,9 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
return -ENOMEM;
if (key_type)
- strcpy(derived_buf, "AUTH_KEY");
+ strscpy(derived_buf, "AUTH_KEY", HASH_SIZE);
else
- strcpy(derived_buf, "ENC_KEY");
+ strscpy(derived_buf, "ENC_KEY", HASH_SIZE);
memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
master_keylen);