From 937577d0307b7180b3754542f4112ea7f96771eb Mon Sep 17 00:00:00 2001
From: dima
Date: Fri, 17 Feb 1995 03:57:00 +0000
Subject: Security fixes. CERT Advisory CA-95:03.telnet.encryption Obtained from: CERT
---
 secure/lib/libtelnet/auth.c | 24 +++++++++++++++++-------
 secure/lib/libtelnet/kerberos.c | 14 ++++++++++----
 2 files changed, 27 insertions(+), 11 deletions(-) (limited to 'secure/lib/libtelnet')
diff --git a/secure/lib/libtelnet/auth.c b/secure/lib/libtelnet/auth.c
index 1eb198a..485ac83 100644
--- a/secure/lib/libtelnet/auth.c
+++ b/secure/lib/libtelnet/auth.c
@@ -246,7 +246,7 @@ getauthmask(type, maskp)
 {
 register int x;
- if (strcasecmp(type, AUTHTYPE_NAME(0))) {
+ if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
 *maskp = -1;
 return(1);
 }
@@ -262,14 +262,14 @@ getauthmask(type, maskp)
 int
 auth_enable(type)
- int type;
+ char * type;
 {
 return(auth_onoff(type, 1));
 }
 int
 auth_disable(type)
- int type;
+ char * type;
 {
 return(auth_onoff(type, 0));
 }
@@ -279,15 +279,20 @@ auth_onoff(type, on)
 char *type;
 int on;
 {
- int mask = -1;
+ int i, mask = -1;
 Authenticator *ap;
 if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
 printf("auth %s 'type'\n", on ? "enable" : "disable");
 printf("Where 'type' is one of:\n");
 printf("\t%s\n", AUTHTYPE_NAME(0));
- for (ap = authenticators; ap->type; ap++)
+ mask = 0;
+ for (ap = authenticators; ap->type; ap++) {
+ if ((mask & (i = typemask(ap->type))) != 0)
+ continue;
+ mask |= i;
 printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+ }
 return(0);
 }
@@ -295,7 +300,6 @@ auth_onoff(type, on)
 printf("%s: invalid authentication type\n", type);
 return(0);
 }
- mask = getauthmask(type, &mask);
 if (on)
 i_wont_support &= ~mask;
 else
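Review bot: The parameter type of `auth_enable` and `auth_disable` is corrected only in the old-style definitions, which give the compiler no prototype to check callers against. The diffstat lists only auth.c and kerberos.c, so if a header still declares these functions with an `int` argument it needs the same change, with the argument declared as `char *`. Because `auth_onoff` passes `type` straight to `strcasecmp`, a caller that still hands in an integer would have it treated as a pointer.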
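Review bot: The de-duplication loop added to the help branch of `auth_onoff` hides an assignment inside the bitmask test, `if ((mask & (i = typemask(ap->type))) != 0)`, and reuses `mask`, which later in the function feeds `i_wont_support &= ~mask`, as the set of types already printed. That is harmless only because this branch returns before `mask` is consumed, which deserves a comment such as `/* print each type once; mask is only a seen-set in this branch */`. Splitting the test into `i = typemask(ap->type);` followed by `if (mask & i) continue;` is easier to audit. The same loop is added in the `auth_status` hunk, where the `printf` recomputes `typemask(ap->type)` although `i` already holds it. `auth_onoff` starts before this hunk and continues after it.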
@@ -319,16 +323,22 @@ auth_togdebug(on)
 auth_status()
 {
 Authenticator *ap;
+ int i, mask;
 if (i_wont_support == -1)
 printf("Authentication disabled\n");
 else
 printf("Authentication enabled\n");
- for (ap = authenticators; ap->type; ap++)
+ mask = 0;
+ for (ap = authenticators; ap->type; ap++) {
+ if ((mask & (i = typemask(ap->type))) != 0)
+ continue;
+ mask |= i;
 printf("%s: %s\n", AUTHTYPE_NAME(ap->type), (i_wont_support & typemask(ap->type)) ? "disabled" : "enabled");
+ }
 return(1);
 }
diff --git a/secure/lib/libtelnet/kerberos.c b/secure/lib/libtelnet/kerberos.c
index aa9b418..7c5771c 100644
--- a/secure/lib/libtelnet/kerberos.c
+++ b/secure/lib/libtelnet/kerberos.c
@@ -227,9 +227,10 @@ kerberos4_send(ap)
 register int i;
 des_key_sched(cred.session, sched);
- des_set_random_generator_seed(cred.session);
- des_new_random_key(challenge);
- des_ecb_encrypt(challenge, session_key, sched, 1);
+ des_init_random_number_generator(cred.session);
+ des_new_random_key(session_key);
+ des_ecb_encrypt(session_key, session_key, sched, 0);
+ des_ecb_encrypt(session_key, challenge, sched, 0);
 /*
 * Increment the challenge by 1, and encrypt it for
 * later comparison.
@@ -322,6 +323,11 @@ kerberos4_is(ap, data, cnt)
 break;
 }
+ /*
+ * Initialize the random number generator since it's
+ * used later on by the encryption routine.
+ */
+ des_init_random_number_generator(session_key);
 des_key_sched(session_key, sched);
 bcopy((void *)data, (void *)datablock, sizeof(Block));
 /*
@@ -339,7 +345,7 @@ kerberos4_is(ap, data, cnt)
 * increment by one, re-encrypt it and send it back.
 */
 des_ecb_encrypt(datablock, challenge, sched, 0);
- for (r = 7; r >= 0; r++) {
+ for (r = 7; r >= 0; r--) {
 register int t;
 t = (unsigned int)challenge[r] + 1;
 challenge[r] = t; /* ignore overflow */
-- cgit v1.1
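Review bot: The four new calls in `kerberos4_send` set up the session key and the challenge with no comment explaining the derivation, although the call order and the direction flag are what the receiving side has to mirror. A comment such as `/* session_key = D(random block); challenge = D(session_key), both under the schedule built from cred.session */` would make a later reordering much harder to get wrong, and the bare `0` would read better as a named decrypt constant if the DES header in this tree defines one. The first `des_ecb_encrypt` call uses `session_key` as both input and output, so it is worth confirming that the routine permits identical blocks. The generator is seeded from `cred.session`; whether anything else is mixed into the seed depends on `des_init_random_number_generator`, which is not visible here. The function body starts and ends outside the hunk.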
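Review bot: The seed passed to `des_init_random_number_generator` in `kerberos4_is` is `session_key`, which appears to be established from the peer's message earlier in the function (outside the hunk), so the peer may know the seed. Whether later output of the generator is predictable to that peer depends on what else the routine mixes in, which this diff does not show and which should be confirmed. The added comment would also help more if it named the routine it refers to instead of "the encryption routine", for example `/* seed the DES random generator; <routine name> draws from it later */`. The enclosing case starts before the hunk and continues after it.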
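Review bot: The bound `7` in `for (r = 7; r >= 0; r--)` is a magic number that assumes `challenge` is eight bytes long; since the `r++` it replaces would apparently have indexed past the end of the array, the bound is better tied to the object, e.g. `for (r = (int)sizeof(challenge) - 1; r >= 0; r--)` provided `challenge` is an array in scope here. The context comment in the `kerberos4_send` hunk describes the same increment on the sending side, but that loop is not part of the diff and should be checked for the same direction error. The loop body continues past the end of the hunk.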