From: Jan Engelhardt <jengelh@gmx.de>

tchars is not '\0'-terminated so the strtoul may run into problems.  Fix that.
 Also make tchars as big as a long in hexadecimal form would take rather than
just 16.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/openpromfs/inode.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff -puN fs/openpromfs/inode.c~openpromfs-fix-missing-nul fs/openpromfs/inode.c
--- devel/fs/openpromfs/inode.c~openpromfs-fix-missing-nul	2006-05-17 23:37:24.000000000 -0700
+++ devel-akpm/fs/openpromfs/inode.c	2006-05-17 23:37:24.000000000 -0700
@@ -448,10 +448,11 @@ static ssize_t property_write(struct fil
 					*q |= simple_strtoul (tmp, NULL, 16);
 					buf += last_cnt;
 				} else {
-					char tchars[17]; /* XXX yuck... */
+					char tchars[2 * sizeof(long) + 1];
 
-					if (copy_from_user(tchars, buf, 16))
+					if (copy_from_user(tchars, buf, sizeof(tchars) - 1))
 						return -EFAULT;
+                                        tchars[sizeof(tchars) - 1] = '\0';
 					*q = simple_strtoul (tchars, NULL, 16);
 					buf += 9;
 				}
_