From 2c9a33f557a311c4a445104c60a08ad25b3c3ec8 Mon Sep 17 00:00:00 2001
From: Conrad Meyer <cem@FreeBSD.org>
Date: Tue, 3 Oct 2017 00:53:11 +0000
Subject: [PATCH] Correct sense of crypt(3) NULL checks in init(8) and lock(1)

In r231994, an attempt was made to fix crypt(3) failure returns (NULL).
However, instead of treating crypt(3) failure as authentication failure,
some of the changes treated crypt(3) failure as authentication success.
This is wrong.

r324225 fixed this for ppp, which also inspired this review.  The other
changes in the 231994 revision were audited for correctness and look ok.

Reviewed by:	jhb
Security:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12571
---
 sbin/init/init.c    | 2 +-
 usr.bin/lock/lock.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/init/init.c b/sbin/init/init.c
index 34e40457622f..5fac6e2e180a 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -919,7 +919,7 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (password == NULL ||
+				if (password != NULL &&
 				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");
diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c
index 68e69a5b6e0d..5000aa672f7a 100644
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@@ -223,7 +223,7 @@ main(int argc, char **argv)
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
 			cryptpw = crypt(s, mypw);
-			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
+			if (cryptpw != NULL && !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))