From 481772a4c2915bfca8099218d458bb22906e71b5 Mon Sep 17 00:00:00 2001
From: Eric Andersen <andersen@codepoet.org>
Date: Wed, 6 Aug 2003 08:33:08 +0000
Subject: Patch from vodz to cleanup libbb/obscure.c:password_check() to not
 copy too much data.

---
 libbb/obscure.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'libbb/obscure.c')

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 537d4484f..aa15e4097 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -144,8 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 
 	msg = NULL;
 	newmono = str_lower(bb_xstrdup(newval));
-	lenwrap = strlen(old) * 2 + 1;
-	wrapped = (char *) xmalloc(lenwrap);
+	lenwrap = strlen(old);
+	wrapped = (char *) xmalloc(lenwrap * 2 + 1);
 	str_lower(strcpy(wrapped, old));
 
 	if (palindrome(newmono))
@@ -164,7 +164,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 	}
 
 	bzero(newmono, strlen(newmono));
-	bzero(wrapped, lenwrap);
+	bzero(wrapped, lenwrap * 2);
 	free(newmono);
 	free(wrapped);
 
-- 
cgit v1.2.3