Xenix 286 and 386 crypt bugs.
Brian Chapman Mx321
chapman at sco.COM
Tue Apr 5 05:16:55 AEST 1988
In article <111 at portnoy.CTS.COM> ag at portnoy.CTS.COM (Keith Gabryelski) writes:
< There is a bug in the crypt(S) library function in all Xenix libraries
< (and most System V libraries) which completely prevents proper
< encryption/decryption of data using the DES algorithm. The routines
< affected are setkey() and encrypt(), the crypt() function works as it
< is.
<
< The bug was found by myself and Michael Ditto (ford at kenobi) by
< comparing a working version (bsd) against the binaries of several SysV
< and Xenix systems.
<
< We have seen the bug in the libraries on the AT&T Unix PC and in SCO
< Xenix, so I would assume it is in all SysV-derived libraries.
<
Mr. Gabryelsky's and Mr. Ditto's analysis is corrent.
Although from inspection of our source I found the loop was
completly missing, not moved.
I found this bug just before the new year because I had
seen two reports on in comp.unix.xenix that people were
having trouble with encrypt(S).
I fixed the problem in our source in Feb. and working
encrypt libraries should be availible soon.
The reason that BSD and Xenix V are both broken in the
same way is because I think broken encrypt(S) dates back
to version 7. The invention of e2 (or e in our source)
was added to encrypt(S) to support passwd salts in crypt(S).
The encrypt() source on the latest AT&T tape is correct.
It is quite amazing how some problems can lay dormant for
a long time and then suddenly ramp up. It must be one of
those market "critical masses" that Bill Gates and Steve Jobs
are so fond of.
--
uunet!\
ganglion! \
Brian Chapman decvax!microsof! >sco!chapman
ucbvax!ucscc!-/
More information about the Comp.unix.xenix
mailing list