From: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx> The fix makes sure no zero value in the buffer, by comparing the strlen() of the original buffer with the size variable. Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@xxxxxxx> --- drivers/target/target_core_iblock.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c index f2bd2e207..b23e92449 100644 --- a/drivers/target/target_core_iblock.c +++ b/drivers/target/target_core_iblock.c @@ -537,6 +537,8 @@ static ssize_t iblock_set_configfs_dev_params(struct se_device *dev, int ret = 0, token; unsigned long tmp_readonly; + if (strlen(page) < count) + return -EOVERFLOW; opts = kstrdup(page, GFP_KERNEL); if (!opts) return -ENOMEM; -- 2.17.1
