tun: replace strcpy with strscpy for ifr_name

Replace the strcpy() calls that copy the device name into ifr->ifr_name
with strscpy() to avoid potential overflows and guarantee NULL termination.

Destination is ifr->ifr_name (size IFNAMSIZ).

Tested in QEMU (BusyBox rootfs):
 - Created TUN devices via TUNSETIFF helper
 - Set addresses and brought links up
 - Verified long interface names are safely truncated (IFNAMSIZ-1)

Signed-off-by: Miguel García <miguelgarciaroman8@gmail.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20250812082244.60240-1-miguelgarciaroman8@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index cc6c5018066370f1e778efc987c834eac0f1076a..86a9e927d0ff66b26ea85bee2e2dd5d42a3adcaa 100644 (file)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -2823,13 +2823,13 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
        if (netif_running(tun->dev))
                netif_tx_wake_all_queues(tun->dev);
 
-       strcpy(ifr->ifr_name, tun->dev->name);
+       strscpy(ifr->ifr_name, tun->dev->name);
        return 0;
 }
 
 static void tun_get_iff(struct tun_struct *tun, struct ifreq *ifr)
 {
-       strcpy(ifr->ifr_name, tun->dev->name);
+       strscpy(ifr->ifr_name, tun->dev->name);
 
        ifr->ifr_flags = tun_flags(tun);