[bug-inetutils] Defects in encrypt for TELNET.


From: Mats Erik Andersson
Subject: [bug-inetutils] Defects in encrypt for TELNET.
Date: Tue, 24 Jan 2012 21:03:39 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Dear all,

I have claimed before that prototype inclusion is in a miserable
state as soon as Kerberos or Shishi is activated. Today I decided
to attack a trivial case and immediately I located a serious bug.

Using "--with-shishi" there were warnings about missing prototypes
for auth_printsub() and encrypt_printsub() in "telnet/utilities.c"
and "telnetd/utility.c". The patch below silences these. My work
uncovered the self-contradictory statements for prototype,
declaration and definition of encrypt_printsub(), namely in
the order of its arguments. The implementation up until now
should probably render encrypted content into garbage under
some circumstances. Could the original architect step up to
claim reproducibly whether the recent release produces fully
functional TELNET server and client, and whether my proposed
changes improve the situation, again reproducibly?

The patch reverses the order between auth_printsub() and
auth_gen_printsub() in "libtelnet/auth.c" so that proper
encapsulation attains. Observe also that every *_printsub()
except encrypt_printsub() shares the prototype

   name (unsigned char *, int, unsigned char *, int)

Had header inclusion been properly implemented, the present bug
would have been easily detected. The iceberg of incomplete 
coverage in our Kerberos code is still below surface! I maintain
the view that verified Kerberos support should be a major milestone
for our next release.

Best regards,
  Mats 

Attachment: auth_encrypt_printsub.diff
Description: Text Data
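
Added example, not part of the original message or of the inetutils sources: a C11 compile-time check that a handler matches the shared *_printsub() prototype quoted above, so a drifting argument order fails the build instead of surfacing as a missing-prototype warning. The names printsub_fn, MATCHES_PRINTSUB, demo_auth_printsub and demo_odd_printsub are hypothetical, and the deviating argument order is constructed for illustration; it is not the actual order used by encrypt_printsub().

```c
#include <stdio.h>

/* Shared signature quoted in the message: (unsigned char *, int, unsigned char *, int). */
typedef void (*printsub_fn)(unsigned char *, int, unsigned char *, int);

/* Evaluates to 1 only when f has exactly the shared signature (C11 _Generic). */
#define MATCHES_PRINTSUB(f) _Generic(&(f), printsub_fn: 1, default: 0)

/* Stand-in for a common header: both hypothetical handlers are declared here. */
void demo_auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen);
void demo_odd_printsub(unsigned char *data, unsigned char *buf, int cnt, int buflen);

/* Conforming handler: renders cnt option bytes from data into buf as decimals. */
void demo_auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
    int off = 0;
    if (buflen <= 0)
        return;
    buf[0] = '\0';
    /* " 255" plus NUL needs 5 bytes, so stop while at least 5 remain. */
    for (int i = 0; i < cnt && off + 4 < buflen; i++)
        off += snprintf((char *)buf + off, (size_t)(buflen - off), " %d", data[i]);
}

/* Deviating handler (constructed): both pointers precede both lengths. */
void demo_odd_printsub(unsigned char *data, unsigned char *buf, int cnt, int buflen)
{
    demo_auth_printsub(data, cnt, buf, buflen);
}

/* The build breaks here if the conforming handler drifts from the typedef. */
_Static_assert(MATCHES_PRINTSUB(demo_auth_printsub), "printsub signature drift");

int auth_matches(void) { return MATCHES_PRINTSUB(demo_auth_printsub); }
int odd_matches(void)  { return MATCHES_PRINTSUB(demo_odd_printsub); }

int main(void)
{
    unsigned char sample[] = { 1, 2, 255 };   /* constructed suboption bytes */
    unsigned char out[32];
    printsub_fn handler = demo_auth_printsub; /* dispatch through the shared type */
    handler(sample, 3, out, (int)sizeof out);
    printf("rendered:%s auth=%d odd=%d\n", (char *)out, auth_matches(), odd_matches());
    return 0;
}
```

Placing the same _Static_assert on demo_odd_printsub stops compilation, which is the effect a properly included header has on a definition that disagrees with its prototype.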
