[PATCH] openpromfs: fix missing NUL
Jan Engelhardt [Sun, 25 Jun 2006 12:47:35 +0000 (05:47 -0700)]
tchars is not '\0'-terminated so the strtoul may run into problems.  Fix that.
 Also make tchars as big as a long in hexadecimal form would take rather than
just 16.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/openpromfs/inode.c

index 464e2bc..c0cbe97 100644 (file)
@@ -448,10 +448,11 @@ static ssize_t property_write(struct file *filp, const char __user *buf,
                                        *q |= simple_strtoul (tmp, NULL, 16);
                                        buf += last_cnt;
                                } else {
-                                       char tchars[17]; /* XXX yuck... */
+                                       char tchars[2 * sizeof(long) + 1];
 
-                                       if (copy_from_user(tchars, buf, 16))
+                                       if (copy_from_user(tchars, buf, sizeof(tchars) - 1))
                                                return -EFAULT;
+                                        tchars[sizeof(tchars) - 1] = '\0';
                                        *q = simple_strtoul (tchars, NULL, 16);
                                        buf += 9;
                                }