Your patch fixes at least one of the problems (given two non-matching passwords).
It still has the same problem if you a) enter an empty password 6 times, or b) enter a "too simple" password 6 times in a row.
Per discussion in IRC, I added an additional check to ensure that the new_password is not the empty string (which is subtlely different from the new_password == NULL check).
Steve-
Your patch fixes at least one of the problems (given two non-matching passwords).
It still has the same problem if you a) enter an empty password 6 times, or b) enter a "too simple" password 6 times in a row.
Per discussion in IRC, I added an additional check to ensure that the new_password is not the empty string (which is subtlely different from the new_password == NULL check).
The attached patch includes the fix for bug #272232, as well as bug #283477.
I have a test package in my PPA. Any testing feedback from the community would be much appreciated.
:-Dustin