Patch from vodz:

[oweals/busybox.git] / libbb / obscure.c

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 1a99b7cf91a3d159744d7e2dc2d2ffef75c7268a..aa15e409717f2fc40d423cf87fd9c5d080326b7a 100644 (file)
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -144,8 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 
        msg = NULL;
        newmono = str_lower(bb_xstrdup(newval));
-       lenwrap = strlen(old) * 2 + 1;
-       wrapped = (char *) xmalloc(lenwrap);
+       lenwrap = strlen(old);
+       wrapped = (char *) xmalloc(lenwrap * 2 + 1);
        str_lower(strcpy(wrapped, old));
 
        if (palindrome(newmono))
@@ -157,11 +157,14 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
        else if (similiar(wrapped, newmono))
                msg = "too similiar";
 
-       else if (strstr(strcat(wrapped, wrapped), newmono))
-               msg = "rotated";
+       else {
+               safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+               if (strstr(wrapped, newmono))
+                       msg = "rotated";
+       }
 
        bzero(newmono, strlen(newmono));
-       bzero(wrapped, lenwrap);
+       bzero(wrapped, lenwrap * 2);
        free(newmono);
        free(wrapped);