lib/obscure.c: Fix PASS_MIN_LEN -1 case

The getdef_num implementation allows -1 to be specified in login.defs.
In general, -1 should be treated the same way as "not specified". In
this case, casting -1 to size_t leads to every password being "too
short."

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/obscure.c b/lib/obscure.c
index 2ece233087f5c15c506293265227d426bb203d31..3c723b2bff0e97328280c2c437b3fd70bb1ed59d 100644 (file)
--- a/lib/obscure.c
+++ b/lib/obscure.c
@@ -116,6 +116,7 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
        /*@notnull@*/const char *new)
 {
        size_t maxlen, oldlen, newlen;
+       int minlen;
        char *new1, *old1;
        const char *msg;
        const char *result;
@@ -123,7 +124,8 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
        oldlen = strlen (old);
        newlen = strlen (new);
 
-       if (newlen < (size_t) getdef_num ("PASS_MIN_LEN", 0)) {
+       minlen = getdef_num ("PASS_MIN_LEN", 0);
+       if (minlen != -1 && newlen < (size_t) minlen) {
                return _("too short");
        }