X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=libbb%2Fobscure.c;h=aa15e409717f2fc40d423cf87fd9c5d080326b7a;hb=9315842242f18e3c5cf706b2bb349757928b2b40;hp=588ef5af6c18caf89714012f951fbebc5204d4a8;hpb=71ae64bdc6b044eef0a9f3bebd85cc4a6b67362f;p=oweals%2Fbusybox.git

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 588ef5af6..aa15e4097 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -143,9 +143,9 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 		return "too simple";
 
 	msg = NULL;
-	newmono = str_lower(xstrdup(newval));
-	lenwrap = strlen(old) * 2 + 1;
-	wrapped = (char *) xmalloc(lenwrap);
+	newmono = str_lower(bb_xstrdup(newval));
+	lenwrap = strlen(old);
+	wrapped = (char *) xmalloc(lenwrap * 2 + 1);
 	str_lower(strcpy(wrapped, old));
 
 	if (palindrome(newmono))
@@ -157,11 +157,14 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 	else if (similiar(wrapped, newmono))
 		msg = "too similiar";
 
-	else if (strstr(strcat(wrapped, wrapped), newmono))
-		msg = "rotated";
+	else {
+		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+		if (strstr(wrapped, newmono))
+			msg = "rotated";
+	}
 
 	bzero(newmono, strlen(newmono));
-	bzero(wrapped, lenwrap);
+	bzero(wrapped, lenwrap * 2);
 	free(newmono);
 	free(wrapped);
 
@@ -208,8 +211,8 @@ obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
 	if (oldlen <= maxlen && newlen <= maxlen)
 		return NULL;
 
-	new1 = (char *) xstrdup(newval);
-	old1 = (char *) xstrdup(old);
+	new1 = (char *) bb_xstrdup(newval);
+	old1 = (char *) bb_xstrdup(old);
 	if (newlen > maxlen)
 		new1[maxlen] = '\0';
 	if (oldlen > maxlen)