Correct sense of crypt(3) NULL checks in init(8) and lock(1)

In r231994, an attempt was made to fix crypt(3) failure returns (NULL). However, instead of treating crypt(3) failure as authentication failure, some of the changes treated crypt(3) failure as authentication success. This is wrong. r324225 fixed this for ppp, which also inspired this review. The other changes in the 231994 revision were audited for correctness and look ok. Reviewed by: jhb Security: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12571
svn path=/head/; revision=324229
2024-07-21 18:27:22 +00:00 · 2017-10-03 00:53:11 +00:00 · 2017-10-03 00:53:11 +00:00 · 2c9a33f557 · 2020-12-20 02:59:44 +00:00
parent 61d53d8fce
commit 2c9a33f557
2 changed files with 2 additions and 2 deletions
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@ -919,7 +919,7 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (password == NULL ||
+				if (password != NULL &&
 				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@ -223,7 +223,7 @@ main(int argc, char **argv)
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
 			cryptpw = crypt(s, mypw);
-			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
+			if (cryptpw != NULL && !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))