X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=libbb%2Fobscure.c;h=9ac6bcd82ac4b2db2a0891e7d1b282e6d18f84f3;hb=ddec5af6b0803c7434a1cc2fdee5cb9873fe6bd0;hp=a152456b2e630a3376fc33ed97165ddd52c93c5a;hpb=a13cca9cf44ab36a8da90a343a6cd68ab7743345;p=oweals%2Fbusybox.git

diff --git a/libbb/obscure.c b/libbb/obscure.c
index a152456b2..9ac6bcd82 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -18,12 +18,12 @@
 	This password types should not  be permitted:
 	a)	pure numbers: birthdates, social security number, license plate, phone numbers;
 	b)	words and all letters only passwords (uppercase, lowercase or mixed)
-		as palindromes, consecutive or repetitive letters 
+		as palindromes, consecutive or repetitive letters
 		or adjacent letters on your keyboard;
 	c)	username, real name, company name or (e-mail?) address
 		in any form (as-is, reversed, capitalized, doubled, etc.).
 		(we can check only against username, gecos and hostname)
-	d)	common and obvious letter-number replacements 
+	d)	common and obvious letter-number replacements
 		(e.g. replace the letter O with number 0)
 		such as "M1cr0$0ft" or "P@ssw0rd" (CAVEAT: we cannot check for them
 		without the use of a dictionary).
@@ -39,17 +39,8 @@
 	of crypt do not truncate passwords.
 */
 
-#include <ctype.h>
-#include <unistd.h>
-#include <string.h>
-
 #include "libbb.h"
 
-
-/* passwords should consist of 6 (to 8 characters) */
-#define MINLEN 6 
-
-
 static int string_checker_helper(const char *p1, const char *p2) __attribute__ ((__pure__));
 
 static int string_checker_helper(const char *p1, const char *p2)
@@ -70,7 +61,7 @@ static int string_checker(const char *p1, const char *p2)
 	/* check string */
 	int ret = string_checker_helper(p1, p2);
 	/* Make our own copy */
-	char *p = bb_xstrdup(p1);
+	char *p = xstrdup(p1);
 	/* reverse string */
 	size = strlen(p);
 
@@ -93,27 +84,27 @@ static int string_checker(const char *p1, const char *p2)
 #define NUMBERS            4
 #define SPECIAL            8
 
-static const char *obscure_msg(const char *old_p, const char *new_p, const struct passwd *pw) 
+static const char *obscure_msg(const char *old_p, const char *new_p, const struct passwd *pw)
 {
 	int i;
 	int c;
 	int length;
 	int mixed = 0;
-	/* Add 1 for each type of characters to the minlen of password */
-	int size = MINLEN + 8;
+	/* Add 2 for each type of characters to the minlen of password */
+	int size = CONFIG_PASSWORD_MINLEN + 8;
 	const char *p;
 	char hostname[255];
 
 	/* size */
-	if (!new_p || (length = strlen(new_p)) < MINLEN)
+	if (!new_p || (length = strlen(new_p)) < CONFIG_PASSWORD_MINLEN)
 		return("too short");
-	
+
 	/* no username as-is, as sub-string, reversed, capitalized, doubled */
 	if (string_checker(new_p, pw->pw_name)) {
 		return "similar to username";
 	}
 	/* no gecos as-is, as sub-string, reversed, capitalized, doubled */
-	if (string_checker(new_p, pw->pw_gecos)) {
+	if (*pw->pw_gecos && string_checker(new_p, pw->pw_gecos)) {
 		return "similar to gecos";
 	}
 	/* hostname as-is, as sub-string, reversed, capitalized, doubled */
@@ -152,11 +143,11 @@ static const char *obscure_msg(const char *old_p, const char *new_p, const struc
 			return "too many similar characters";
 		}
 	}
-	for(i=0;i<4;i++)
+	for (i=0; i<4; i++)
 		if (mixed & (1<<i)) size -= 2;
 	if (length < size)
 		return "too weak";
-	
+
 	if (old_p && old_p[0] != '\0') {
 		/* check vs. old password */
 		if (string_checker(new_p, old_p)) {