diff options
| -rw-r--r-- | drivers/staging/p9auth/p9auth.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/drivers/staging/p9auth/p9auth.c b/drivers/staging/p9auth/p9auth.c index 9111dcba37a1..8ccfff723eec 100644 --- a/drivers/staging/p9auth/p9auth.c +++ b/drivers/staging/p9auth/p9auth.c | |||
| @@ -183,7 +183,7 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, | |||
| 183 | user_buf_running = NULL; | 183 | user_buf_running = NULL; |
| 184 | hash_str = NULL; | 184 | hash_str = NULL; |
| 185 | node_ptr = kmalloc(sizeof(struct cap_node), GFP_KERNEL); | 185 | node_ptr = kmalloc(sizeof(struct cap_node), GFP_KERNEL); |
| 186 | user_buf = kzalloc(count, GFP_KERNEL); | 186 | user_buf = kzalloc(count+1, GFP_KERNEL); |
| 187 | if (!node_ptr || !user_buf) | 187 | if (!node_ptr || !user_buf) |
| 188 | goto out; | 188 | goto out; |
| 189 | 189 | ||
| @@ -207,6 +207,7 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, | |||
| 207 | list_add(&(node_ptr->list), &(dev->head->list)); | 207 | list_add(&(node_ptr->list), &(dev->head->list)); |
| 208 | node_ptr = NULL; | 208 | node_ptr = NULL; |
| 209 | } else { | 209 | } else { |
| 210 | char *tmpu; | ||
| 210 | if (!cap_devices[0].head || | 211 | if (!cap_devices[0].head || |
| 211 | list_empty(&(cap_devices[0].head->list))) { | 212 | list_empty(&(cap_devices[0].head->list))) { |
| 212 | retval = -EINVAL; | 213 | retval = -EINVAL; |
| @@ -218,10 +219,10 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, | |||
| 218 | * need to split it and hash 'user1@user2' using 'randomstring' | 219 | * need to split it and hash 'user1@user2' using 'randomstring' |
| 219 | * as the key. | 220 | * as the key. |
| 220 | */ | 221 | */ |
| 221 | user_buf_running = kstrdup(user_buf, GFP_KERNEL); | 222 | tmpu = user_buf_running = kstrdup(user_buf, GFP_KERNEL); |
| 222 | source_user = strsep(&user_buf_running, "@"); | 223 | source_user = strsep(&tmpu, "@"); |
| 223 | target_user = strsep(&user_buf_running, "@"); | 224 | target_user = strsep(&tmpu, "@"); |
| 224 | rand_str = strsep(&user_buf_running, "@"); | 225 | rand_str = tmpu; |
| 225 | if (!source_user || !target_user || !rand_str) { | 226 | if (!source_user || !target_user || !rand_str) { |
| 226 | retval = -EINVAL; | 227 | retval = -EINVAL; |
| 227 | goto out; | 228 | goto out; |
| @@ -229,7 +230,8 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, | |||
| 229 | 230 | ||
| 230 | /* hash the string user1@user2 with rand_str as the key */ | 231 | /* hash the string user1@user2 with rand_str as the key */ |
| 231 | len = strlen(source_user) + strlen(target_user) + 1; | 232 | len = strlen(source_user) + strlen(target_user) + 1; |
| 232 | hash_str = kzalloc(len, GFP_KERNEL); | 233 | /* src, @, len, \0 */ |
| 234 | hash_str = kzalloc(len+1, GFP_KERNEL); | ||
| 233 | strcat(hash_str, source_user); | 235 | strcat(hash_str, source_user); |
| 234 | strcat(hash_str, "@"); | 236 | strcat(hash_str, "@"); |
| 235 | strcat(hash_str, target_user); | 237 | strcat(hash_str, target_user); |