svn commit: r324229 - in head: sbin/init usr.bin/lock

[Conrad Meyer]

Author: cem
Date: Tue Oct  3 00:53:11 2017
New Revision: 324229
URL: https://svnweb.freebsd.org/changeset/base/324229

Log:
  Correct sense of crypt(3) NULL checks in init(8) and lock(1)
  
  In r231994, an attempt was made to fix crypt(3) failure returns (NULL).
  However, instead of treating crypt(3) failure as authentication failure,
  some of the changes treated crypt(3) failure as authentication success.
  This is wrong.
  
  r324225 fixed this for ppp, which also inspired this review.  The other
  changes in the 231994 revision were audited for correctness and look ok.
  
  Reviewed by:	jhb
  Security:	yes
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D12571

Modified:
  head/sbin/init/init.c
  head/usr.bin/lock/lock.c

Modified: head/sbin/init/init.c
==============================================================================
--- head/sbin/init/init.c	Mon Oct  2 23:31:11 2017	(r324228)
+++ head/sbin/init/init.c	Tue Oct  3 00:53:11 2017	(r324229)
@@ -919,7 +919,7 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (password == NULL ||
+				if (password != NULL &&
 				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");

Modified: head/usr.bin/lock/lock.c
==============================================================================
--- head/usr.bin/lock/lock.c	Mon Oct  2 23:31:11 2017	(r324228)
+++ head/usr.bin/lock/lock.c	Tue Oct  3 00:53:11 2017	(r324229)
@@ -223,7 +223,7 @@ main(int argc, char **argv)
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
 			cryptpw = crypt(s, mypw);
-			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
+			if (cryptpw != NULL && !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))