Patch from David Daney:

[oweals/busybox.git] / libbb / obscure.c

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 588ef5af6c18caf89714012f951fbebc5204d4a8..aa15e409717f2fc40d423cf87fd9c5d080326b7a 100644 (file)
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -143,9 +143,9 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
                return "too simple";
 
        msg = NULL;
-       newmono = str_lower(xstrdup(newval));
-       lenwrap = strlen(old) * 2 + 1;
-       wrapped = (char *) xmalloc(lenwrap);
+       newmono = str_lower(bb_xstrdup(newval));
+       lenwrap = strlen(old);
+       wrapped = (char *) xmalloc(lenwrap * 2 + 1);
        str_lower(strcpy(wrapped, old));
 
        if (palindrome(newmono))
@@ -157,11 +157,14 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
        else if (similiar(wrapped, newmono))
                msg = "too similiar";
 
-       else if (strstr(strcat(wrapped, wrapped), newmono))
-               msg = "rotated";
+       else {
+               safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+               if (strstr(wrapped, newmono))
+                       msg = "rotated";
+       }
 
        bzero(newmono, strlen(newmono));
-       bzero(wrapped, lenwrap);
+       bzero(wrapped, lenwrap * 2);
        free(newmono);
        free(wrapped);
 
@@ -208,8 +211,8 @@ obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
        if (oldlen <= maxlen && newlen <= maxlen)
                return NULL;
 
-       new1 = (char *) xstrdup(newval);
-       old1 = (char *) xstrdup(old);
+       new1 = (char *) bb_xstrdup(newval);
+       old1 = (char *) bb_xstrdup(old);
        if (newlen > maxlen)
                new1[maxlen] = '\0';
        if (oldlen > maxlen)