author | Dmitry V. Levin <ldv@altlinux.org> | 2020-03-16 21:02:18 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-03-19 18:40:16 +0000 |
commit | a49bdd6697c51625a52275fe8616bce0d77431c6 (patch) | |
tree | 8d3f3f9b5baa5e038b6d2ff0a2e979c332de5730 | |
parent | 6de381b638547ca6625c2fa8d6355ad61e452fc7 (diff) | |
modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
* modules/pam_unix/passverify.c: Include "pam_inline.h".
(verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
* modules/pam_unix/support.c: Include "pam_inline.h".
(_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
lengths.
* modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
(crypt_md5): Use pam_str_skip_prefix_len.
squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
-rw-r--r-- | modules/pam_unix/md5_crypt.c | 5 | ||||
-rw-r--r-- | modules/pam_unix/passverify.c | 3 | ||||
-rw-r--r-- | modules/pam_unix/support.c | 14 |
3 files changed, 14 insertions, 8 deletions
diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c
index 4ab9ec84..94f7b434 100644
--- a/modules/pam_unix/md5_crypt.c
+++ b/modules/pam_unix/md5_crypt.c
@@ -15,6 +15,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include "md5.h"
+#include "pam_inline.h"
 static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -55,8 +56,8 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt)
 return NULL;
 /* If it starts with the magic string, then skip that */
- if (!strncmp(sp, magic, strlen(magic)))
- sp += strlen(magic);
+ if ((ep = pam_str_skip_prefix_len(sp, magic, strlen(magic))) != NULL)
+ sp = ep;
 /* It stops at the first '$', max 8 chars */
 for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 234db341..a571b4f7 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -26,6 +26,7 @@
 #endif
 #include "pam_cc_compat.h"
+#include "pam_inline.h"
 #include "md5.h"
 #include "bigcrypt.h"
 #include "passverify.h"
@@ -88,7 +89,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 } else if (!p || *hash == '*' || *hash == '!') {
 retval = PAM_AUTH_ERR;
 } else {
- if (!strncmp(hash, "$1$", 3)) {
+ if (pam_str_skip_prefix(hash, "$1$") != NULL) {
 pp = Goodcrypt_md5(p, hash);
 if (pp && strcmp(pp, hash) != 0) {
 _pam_delete(pp);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index a04211cd..41db1f04 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -29,6 +29,7 @@
 #include <security/pam_modutil.h>
 #include "pam_cc_compat.h"
+#include "pam_inline.h"
 #include "support.h"
 #include "passverify.h"
@@ -112,17 +113,20 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
 /* now parse the arguments to this module */
 for (; argc-- > 0; ++argv) {
+ const char *str = NULL;
 D(("pam_unix arg: %s", *argv));
 for (j = 0; j < UNIX_CTRLS_; ++j) {
 if (unix_args[j].token
- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) {
+ && (str = pam_str_skip_prefix_len(*argv,
+ unix_args[j].token,
+ strlen(unix_args[j].token))) != NULL) {
 break;
 }
 }
- if (j >= UNIX_CTRLS_) {
+ if (str == NULL) {
 pam_syslog(pamh, LOG_ERR,
 "unrecognized option [%s]", *argv);
 } else {
@@ -133,7 +137,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
 "option remember not allowed for this module type");
 continue;
 }
- *remember = strtol(*argv + 9, NULL, 10);
+ *remember = strtol(str, NULL, 10);
 if ((*remember == INT_MIN) || (*remember == INT_MAX))
 *remember = -1;
 if (*remember > 400)
@@ -144,14 +148,14 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
 "option minlen not allowed for this module type");
 continue;
 }
- *pass_min_len = atoi(*argv + 7);
+ *pass_min_len = atoi(str);
 } else if (j == UNIX_ALGO_ROUNDS) {
 if (rounds == NULL) {
 pam_syslog(pamh, LOG_ERR,
 "option rounds not allowed for this module type");
 continue;
 }
- *rounds = strtol(*argv + 7, NULL, 10);
+ *rounds = strtol(str, NULL, 10);
 }
 ctrl &= unix_args[j].mask; /* for turning things off */ |
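Review bot: The three numeric conversions rewritten in `_set_ctrl` (`*remember = strtol(str, NULL, 10);` in the -133 hunk, `*pass_min_len = atoi(str);` and `*rounds = strtol(str, NULL, 10);` in the -144 hunk) still take the value unvalidated, so an empty or non-numeric value such as `minlen=abc` is silently read as 0 and nothing is logged. For `remember`, the `long` result is narrowed into the `int` from the signature before the `INT_MIN`/`INT_MAX` comparison, which on a platform with a 64-bit `long` does not appear to catch an out-of-range value. Now that `str` points at the value, each branch could parse with an end pointer and `errno` and log through `pam_syslog` on a malformed value, as the neighbouring "not allowed" branches do; whether to skip the option or keep today's `-1` fallback is for the maintainers to decide, and `errno` must already be in scope in support.c. The function starts and ends outside these hunks; the fence sketches the `remember` branch only.

```c
/* … unchanged: "option remember not allowed for this module type" check … */
char *end = NULL;
long val;

errno = 0;
val = strtol(str, &end, 10);
if (end == str || *end != '\0' || errno == ERANGE
    || val < INT_MIN || val > INT_MAX) {
	pam_syslog(pamh, LOG_ERR,
		   "invalid value in option [%s]", *argv);
	continue;
}
*remember = (int)val;
/* … unchanged: the `if (*remember > 400)` check … */
```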