1. The memory into which we copy 'u1@u2' needs space for u1, @,
	u2, and a final \0 which strcat copies in.
2. Strsep changes the value of its first argument.  So use a
	temporary variable to pass to it, so we pass the original
	value to kfree!
3. Allocate an extra char to user_buf, because we need a trailing \0
	since we later kstrdup it.

I am about to send out an LTP testcase for this driver, but
in addition the correctness of the hashing can be verified as
follows:

 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>

int main(int argc, char *argv[])
{
        char in[41], out[20];
        unsigned int v;
        int i, ret;

        ret = read(STDIN_FILENO, in, 40);
        if (ret != 40)
                exit(1);
        in[40] = '\0';
        for (i = 0; i < 20; i++) {
                sscanf(&in[2*i], "%02x", &v);
                out[i] = v;
        }
        write(STDOUT_FILENO, out, 20);
}

as root, to test userid 501 switching to uid 0, choosing
'random' string 'ab':

echo -n "501@0" > plain
openssl sha1  -hmac 'ab' plain |awk '{ print $2 '} > dgst
./unhex < dgst > dgst.u
mknod /dev/caphash 504 0
mknod /dev/capuse 504 1
chmod ugo+w /dev/capuse
cat dgst.u > /dev/caphash

as uid 501,
echo "501@0@ab" > /dev/capuse
id -u  # should now show 0.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>