password: fixed underflow on <backspace>

due to missing/misplaced boundary check, deleting characters could
underflow the password buffer.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

common/password.c

@@ -66,11 +66,14 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
 			case CTL_CH('h'):
 			case KEY_DEL7:
 			case KEY_DEL:
-				if (flags & STAR && pos > 0)
-					puts("\b \b");
-				*buf = '\0';
-				buf--;
-				pos--;
+				if (pos > 0) {
+					if (flags & STAR)
+						puts("\b \b");
+
+					*buf = '\0';
+					buf--;
+					pos--;
+				}
 				continue;
 			default:
 				if (pos < length - 1) {