[BusyBox] patch to login, dmesg and obscure

[Ronny L Nilsson]

Hi again.

> Yipe!  strcat(wrapped, wrapped) is very evil!
> safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);

Looking at the issue in  libbb/obscure.c:password_check(),  I think there's 
still an error in 1.00-pre2. The handpatch by Vladimir copies too much data, 
the source string ain't that long which the SIZE argument to strncpy() say.




> But your lenold new variable and recalculate lenght is not require.

OK, since optimization seems to be what is wanted... This patch fixes what 
Vladimir missed, AND does some optimization too.  :)  Reduction of one 
str_lower() and two bzero() calls, which was unecessary. (Could use a second 
opinion though).


/Ronny




-------------- next part --------------
diff -upr t1/busybox-1.00-pre2/libbb/obscure.c busybox-1.00-pre2/libbb/obscure.c
--- t1/busybox-1.00-pre2/libbb/obscure.c	2003-07-30 09:57:06.000000000 +0200
+++ busybox-1.00-pre2/libbb/obscure.c	2003-07-30 16:27:10.000000000 +0200
@@ -144,9 +144,9 @@ password_check(const char *old, const ch
 
 	msg = NULL;
 	newmono = str_lower(bb_xstrdup(newval));
-	lenwrap = strlen(old) * 2 + 1;
-	wrapped = (char *) xmalloc(lenwrap);
-	str_lower(strcpy(wrapped, old));
+	lenwrap = strlen(old);
+	wrapped = (char *) xmalloc(lenwrap * 2 + 1);
+	strcpy(wrapped, newmono);
 
 	if (palindrome(newmono))
 		msg = "a palindrome";
@@ -157,14 +157,9 @@ password_check(const char *old, const ch
 	else if (similiar(wrapped, newmono))
 		msg = "too similiar";
 
-	else {
-		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
-		if (strstr(wrapped, newmono))
+	else if (strstr(safe_strncpy(wrapped+lenwrap, wrapped, lenwrap + 1), newmono)) {
 			msg = "rotated";
-	}
 
-	bzero(newmono, strlen(newmono));
-	bzero(wrapped, lenwrap);
 	free(newmono);
 	free(wrapped);