From bb63f23ea73e7de8dcd2e7a9acd9f944c0cb44ba Mon Sep 17 00:00:00 2001 From: Hans-Erik Floryd Date: Mon, 22 Dec 2025 13:49:37 +0100 Subject: [PATCH] fix: replace strcpy with strncpy Replace all instances of strcpy() with strncpy() to prevent buffer overflow vulnerabilities. The strcpy() function does not perform bounds checking, which can lead to security issues when copying strings of unknown or excessive length. Problem reported and fix suggested by Jaeyeong Lee. Change-Id: Ide896dbae3bdaf9001287b4d3e387efd355e73bd --- contrib/oshw/rtems/nicdrv.c | 3 ++- oshw/linux/nicdrv.c | 6 ++++-- samples/slaveinfo/slaveinfo.c | 3 ++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/contrib/oshw/rtems/nicdrv.c b/contrib/oshw/rtems/nicdrv.c index 08e6869..e5ca8bd 100644 --- a/contrib/oshw/rtems/nicdrv.c +++ b/contrib/oshw/rtems/nicdrv.c @@ -174,7 +174,8 @@ int ecx_setupnic(ecx_portt *port, const char *ifname, int secondary) } /* connect bpf to NIC by name */ - strcpy(ifr.ifr_name, ifname); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; if (ioctl(*bpf, BIOCSETIF, &ifr) == -1) { perror("BIOCSETIF"); diff --git a/oshw/linux/nicdrv.c b/oshw/linux/nicdrv.c index 190d903..6007eb9 100644 --- a/oshw/linux/nicdrv.c +++ b/oshw/linux/nicdrv.c @@ -152,10 +152,12 @@ int ecx_setupnic(ecx_portt *port, const char *ifname, int secondary) i = 1; r |= setsockopt(*psock, SOL_SOCKET, SO_DONTROUTE, &i, sizeof(i)); /* connect socket to NIC by name */ - strcpy(ifr.ifr_name, ifname); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; r |= ioctl(*psock, SIOCGIFINDEX, &ifr); ifindex = ifr.ifr_ifindex; - strcpy(ifr.ifr_name, ifname); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; ifr.ifr_flags = 0; /* reset flags of NIC interface */ r |= ioctl(*psock, SIOCGIFFLAGS, &ifr); diff --git a/samples/slaveinfo/slaveinfo.c b/samples/slaveinfo/slaveinfo.c index 10c0b83..2c17383 100644 --- a/samples/slaveinfo/slaveinfo.c +++ b/samples/slaveinfo/slaveinfo.c @@ -722,7 +722,8 @@ int main(int argc, char *argv[]) if ((argc > 2) && (strncmp(argv[2], "-sdo", sizeof("-sdo")) == 0)) printSDO = TRUE; if ((argc > 2) && (strncmp(argv[2], "-map", sizeof("-map")) == 0)) printMAP = TRUE; /* start slaveinfo */ - strcpy(ifbuf, argv[1]); + strncpy(ifbuf, argv[1], sizeof(ifbuf) - 1); + ifbuf[sizeof(ifbuf) - 1] = '\0'; slaveinfo(ifbuf); } else