Path: utzoo!mnetor!uunet!sco!chapman
From: chapman@sco.COM (Brian Chapman Mx321)
Newsgroups: comp.unix.xenix
Subject: Re: Xenix 286 and 386 crypt bugs.
Message-ID: <379@sysco>
Date: 4 Apr 88 19:16:55 GMT
References: <111@portnoy.CTS.COM>
Reply-To: chapman@sco.COM (Brian Chapman Mx321)
Organization: The Santa Cruz Operation, Inc.
Lines: 41

In article <111@portnoy.CTS.COM> ag@portnoy.CTS.COM (Keith Gabryelski) writes:
< There is a bug in the crypt(S) library function in all Xenix libraries
< (and most System V libraries) which completely prevents proper
< encryption/decryption of data using the DES algorithm. The routines
< affected are setkey() and encrypt(), the crypt() function works as it
< is.
<
< The bug was found by myself and Michael Ditto (ford@kenobi) by
< comparing a working version (bsd) against the binaries of several SysV
< and Xenix systems.
<
< We have seen the bug in the libraries on the AT&T Unix PC and in SCO
< Xenix, so I would assume it is in all SysV-derived libraries.
<

Mr. Gabryelski's and Mr. Ditto's analysis is correct. Although from
inspection of our source I found the loop was completely missing, not moved.

I found this bug just before the new year because I had seen two reports
in comp.unix.xenix that people were having trouble with encrypt(S).
I fixed the problem in our source in Feb. and working encrypt libraries
should be available soon.

The reason that BSD and Xenix V are both broken in the same way is
because I think broken encrypt(S) dates back to version 7. The invention
of e2 (or e in our source) was added to encrypt(S) to support passwd
salts in crypt(S). The encrypt() source on the latest AT&T tape is correct.

It is quite amazing how some problems can lie dormant for a long time
and then suddenly ramp up. It must be one of those market "critical
masses" that Bill Gates and Steve Jobs are so fond of.

--
          uunet!\
       ganglion! \              Brian Chapman
 decvax!microsof! >sco!chapman
    ucbvax!ucscc!-/