- if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
- || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
+ if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
+ return SESSION_FAILED;
+ cbuf = crypt(passwd, pw->pw_passwd);
+ if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)