Date:      Tue, 3 Oct 2017 00:53:11 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r324229 - in head: sbin/init usr.bin/lock
Message-ID:  <201710030053.v930rBq6036668@repo.freebsd.org>

Author: cem
Date: Tue Oct  3 00:53:11 2017
New Revision: 324229
URL: https://svnweb.freebsd.org/changeset/base/324229

Log:
  Correct sense of crypt(3) NULL checks in init(8) and lock(1)
  
  In r231994, an attempt was made to fix crypt(3) failure returns (NULL).
  However, instead of treating crypt(3) failure as authentication failure,
  some of the changes treated crypt(3) failure as authentication success.
  This is wrong.
  
  r324225 fixed this for ppp, which also inspired this review.  The other
  changes in the 231994 revision were audited for correctness and look ok.
  
  Reviewed by:	jhb
  Security:	yes
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D12571

Modified:
  head/sbin/init/init.c
  head/usr.bin/lock/lock.c

Modified: head/sbin/init/init.c
==============================================================================
--- head/sbin/init/init.c	Mon Oct  2 23:31:11 2017	(r324228)
+++ head/sbin/init/init.c	Tue Oct  3 00:53:11 2017	(r324229)
@@ -919,7 +919,7 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (password == NULL ||
+				if (password != NULL &&
 				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");
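
Review bot: In single_user(), a NULL return from crypt(3) now falls through to warning("single-user login failed\n"), the same message a mistyped password produces, so an unsupported or corrupt hash in pp->pw_passwd cannot be told apart from a bad password on the console. Consider testing password == NULL on its own and emitting a distinct warning before retrying, and add a short comment stating that NULL means crypt(3) failed and must be treated as a rejected login, since this is the condition r231994 got backwards.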

Modified: head/usr.bin/lock/lock.c
==============================================================================
--- head/usr.bin/lock/lock.c	Mon Oct  2 23:31:11 2017	(r324228)
+++ head/usr.bin/lock/lock.c	Tue Oct  3 00:53:11 2017	(r324229)
@@ -223,7 +223,7 @@ main(int argc, char **argv)
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
 			cryptpw = crypt(s, mypw);
-			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
+			if (cryptpw != NULL && !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))
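
Review bot: In the usemine branch, a NULL cryptpw now correctly never reaches break, but nothing in these lines reports the failure, so if crypt(3) cannot process mypw the user's own password is silently never accepted. Consider a distinct diagnostic for cryptpw == NULL, or checking once before the terminal is locked that crypt(3) succeeds against mypw. Separately, s[strlen(s) - 1] = '\0' in the context line writes before the start of the buffer if s is ever empty; a length check there would be worth a follow-up.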


