Fix rotate check logic

Rotate passwd checking code has logic error, which writes data into
un-allocated memory. This patch fixes the issue.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 750b611..4a07b5f 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 {
 	const char *msg;
 	char *newmono, *wrapped;
-	int lenwrap;
+	int lenold, lenwrap;
 
 	if (strcmp(newval, old) == 0)
 		return "no change";
@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 
 	msg = NULL;
 	newmono = str_lower(xstrdup(newval));
-	lenwrap = strlen(old) * 2 + 1;
+	lenold = strlen(old);
+	lenwrap = lenold * 2 + 1;
 	wrapped = (char *) xmalloc(lenwrap);
 	str_lower(strcpy(wrapped, old));
 
@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 		msg = "too similiar";
 
 	else {
-		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+		safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
 		if (strstr(wrapped, newmono))
 			msg = "rotated";
 	}