From e89c322b1e0bad237436672eb98e8bcfac8a7497 Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Wed, 9 Nov 1994 05:12:23 +0000
Subject: [PATCH] Fix bug in logic of incrementing the received challenge.  A
 ++/-- mixup means there's a 1 in 256 chance the server will get it wrong.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4651 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/telnet/libtelnet/ChangeLog  | 4 ++++
 src/appl/telnet/libtelnet/kerberos.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 7c5a1282f..85959d788 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,5 +1,9 @@
 Tue Nov  8 01:39:50 1994  Theodore Y. Ts'o  (tytso@dcl)
 
+	* kerberos.c (kerberos4_is): Fix bug in logic of incrementing the
+		received challenge.  A ++/-- mixup means there's a 1 in
+		256 chance the server will get it wrong.
+
 	* kerberos.c: Use des_init_random_number_genator(), since that
 		will result in different subsession keys on successive
 		runs of telnet.
diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c
index 757f48b7c..8f1b7c1de 100644
--- a/src/appl/telnet/libtelnet/kerberos.c
+++ b/src/appl/telnet/libtelnet/kerberos.c
@@ -337,7 +337,7 @@ kerberos4_is(ap, data, cnt)
 		 * increment by one, re-encrypt it and send it back.
 		 */
 		des_ecb_encrypt(datablock, challenge, sched, 0);
-		for (r = 7; r >= 0; r++) {
+		for (r = 7; r >= 0; r--) {
 			register int t;
 			t = (unsigned int)challenge[r] + 1;
 			challenge[r] = t;	/* ignore overflow */
-- 
2.26.2