cracklib/cracklib-2.9.0-simplistic.patch

diff -up cracklib-2.9.0/lib/fascist.c.simplistic cracklib-2.9.0/lib/fascist.c
--- cracklib-2.9.0/lib/fascist.c.simplistic	2013-09-03 07:45:55.369653537 +0200
+++ cracklib-2.9.0/lib/fascist.c	2013-09-03 07:48:58.686759120 +0200
@@ -55,7 +55,6 @@ static char *r_destructors[] = {
 
     "/?p@?p",                   /* purging out punctuation/symbols/junk */
     "/?s@?s",
-    "/?X@?X",
 
     /* attempt reverse engineering of password strings */
 
@@ -454,6 +453,12 @@ GTry(rawtext, password)
 	    continue;
 	}
 
+	if (len - strlen(mp) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]);
 #endif
@@ -480,6 +485,12 @@ GTry(rawtext, password)
 	    continue;
 	}
 
+	if (len - strlen(mp) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]);
 #endif
@@ -699,6 +710,7 @@ FascistLookUser(PWDICT *pwp, char *instr
     char rpassword[STRINGSIZE];
     char area[STRINGSIZE];
     uint32_t notfound;
+    int len;
 
     notfound = PW_WORDS(pwp);
     /* already truncated if from FascistCheck() */
@@ -748,6 +760,7 @@ FascistLookUser(PWDICT *pwp, char *instr
 	return _("it is all whitespace");
     }
 
+    len = strlen(password);
     i = 0;
     ptr = password;
     while (ptr[0] && ptr[1])
@@ -759,10 +772,9 @@ FascistLookUser(PWDICT *pwp, char *instr
 	ptr++;
     }
 
-    /*  Change by Ben Karsin from ITS at University of Hawaii at Manoa.  Static MAXSTEP 
-        would generate many false positives for long passwords. */
-    maxrepeat = 3+(0.09*strlen(password));
-    if (i > maxrepeat)
+    /*  We were still generating false positives for long passwords.
+        Just count systematic double as a single character. */
+    if (len - i < MINLEN)
     {
 	return _("it is too simplistic/systematic");
     }
@@ -795,6 +807,12 @@ FascistLookUser(PWDICT *pwp, char *instr
 	    continue;
 	}
 
+	if (len - strlen(a) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s (dict)\n", a);
 #endif
@@ -815,6 +833,13 @@ FascistLookUser(PWDICT *pwp, char *instr
 	{
 	    continue;
 	}
+
+	if (len - strlen(a) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s (reversed dict)\n", a);
 #endif
make the simplistic check and the purging of special characters much less aggressive (#1003624, #985378) 2013-09-03 06:00:17 +00:00			`diff -up cracklib-2.9.0/lib/fascist.c.simplistic cracklib-2.9.0/lib/fascist.c`
			`--- cracklib-2.9.0/lib/fascist.c.simplistic 2013-09-03 07:45:55.369653537 +0200`
			`+++ cracklib-2.9.0/lib/fascist.c 2013-09-03 07:48:58.686759120 +0200`
			`@@ -55,7 +55,6 @@ static char *r_destructors[] = {`

			`"/?p@?p", /* purging out punctuation/symbols/junk */`
			`"/?s@?s",`
			`- "/?X@?X",`

			`/* attempt reverse engineering of password strings */`

			`@@ -454,6 +453,12 @@ GTry(rawtext, password)`
			`continue;`
			`}`

			`+ if (len - strlen(mp) >= 3)`
			`+ {`
			`+ /* purged too much */`
			`+ continue;`
			`+ }`
			`+`
			`#ifdef DEBUG`
			`printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]);`
			`#endif`
			`@@ -480,6 +485,12 @@ GTry(rawtext, password)`
			`continue;`
			`}`

			`+ if (len - strlen(mp) >= 3)`
			`+ {`
			`+ /* purged too much */`
			`+ continue;`
			`+ }`
			`+`
			`#ifdef DEBUG`
			`printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]);`
			`#endif`
			`@@ -699,6 +710,7 @@ FascistLookUser(PWDICT pwp, char instr`
			`char rpassword[STRINGSIZE];`
			`char area[STRINGSIZE];`
			`uint32_t notfound;`
			`+ int len;`

			`notfound = PW_WORDS(pwp);`
			`/* already truncated if from FascistCheck() */`
			`@@ -748,6 +760,7 @@ FascistLookUser(PWDICT pwp, char instr`
			`return _("it is all whitespace");`
			`}`

			`+ len = strlen(password);`
			`i = 0;`
			`ptr = password;`
			`while (ptr[0] && ptr[1])`
			`@@ -759,10 +772,9 @@ FascistLookUser(PWDICT pwp, char instr`
			`ptr++;`
			`}`

			`- /* Change by Ben Karsin from ITS at University of Hawaii at Manoa. Static MAXSTEP`
			`- would generate many false positives for long passwords. */`
			`- maxrepeat = 3+(0.09*strlen(password));`
			`- if (i > maxrepeat)`
			`+ /* We were still generating false positives for long passwords.`
			`+ Just count systematic double as a single character. */`
			`+ if (len - i < MINLEN)`
			`{`
			`return _("it is too simplistic/systematic");`
			`}`
			`@@ -795,6 +807,12 @@ FascistLookUser(PWDICT pwp, char instr`
			`continue;`
			`}`

			`+ if (len - strlen(a) >= 3)`
			`+ {`
			`+ /* purged too much */`
			`+ continue;`
			`+ }`
			`+`
			`#ifdef DEBUG`
			`printf("%-16s (dict)\n", a);`
			`#endif`
			`@@ -815,6 +833,13 @@ FascistLookUser(PWDICT pwp, char instr`
			`{`
			`continue;`
			`}`
			`+`
			`+ if (len - strlen(a) >= 3)`
			`+ {`
			`+ /* purged too much */`
			`+ continue;`
			`+ }`
			`+`
			`#ifdef DEBUG`
			`printf("%-16s (reversed dict)\n", a);`
			`#endif`