Fix bug in logic of incrementing the received challenge. A ++/--

mixup means there's a 1 in 256 chance the server will get it wrong.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4651 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 7c5a1282fcbb9c5a77216da0d84933493591fa12..85959d788ebc5a018b239b0d36c5fca7963c3fa2 100644 (file)
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,5 +1,9 @@
 Tue Nov  8 01:39:50 1994  Theodore Y. Ts'o  (tytso@dcl)
 
+       * kerberos.c (kerberos4_is): Fix bug in logic of incrementing the
+               received challenge.  A ++/-- mixup means there's a 1 in
+               256 chance the server will get it wrong.
+
        * kerberos.c: Use des_init_random_number_genator(), since that
                will result in different subsession keys on successive
                runs of telnet.

diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c
index 757f48b7cf4ca614f6fdf9b1ee37a925bf5942d6..8f1b7c1de72209660f8aaefb07763c9a74338fa8 100644 (file)
--- a/src/appl/telnet/libtelnet/kerberos.c
+++ b/src/appl/telnet/libtelnet/kerberos.c
@@ -337,7 +337,7 @@ kerberos4_is(ap, data, cnt)
                 * increment by one, re-encrypt it and send it back.
                 */
                des_ecb_encrypt(datablock, challenge, sched, 0);
-               for (r = 7; r >= 0; r++) {
+               for (r = 7; r >= 0; r--) {
                        register int t;
                        t = (unsigned int)challenge[r] + 1;
                        challenge[r] = t;       /* ignore overflow */