Package: opie-client
Version: 2.32.dfsg.1-0.1
Severity: minor
Tags: patch

$ opiekey
usage: opiekey [-v] [-h] [-f] [-x] [-t type] [-4 | -5 | -s] [-a] [-n count] sequence_number seed
$ opiekey -s 100 aa9999
Using the SHA-1 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase: [any passphrase]
ODD DEFT FALL A A ABE

Some experimentation with -n and -x and different sequence numbers and seeds produces only ODD DEFT FALL A A ABE (2E4E 3DF6 0000 0000) for any input parameters whatsoever. Looking at the opiekey(1) man page, -s doesn't appear anywhere that I can see.

From a cursory glance through the Debianized opie-2.32 source tree, the opiehashlen function in libopie/hashlen.c seems to mediate all digest algorithm usage in OPIE, and it contains a case for SHA-1 in the opiehashlen() function, but it's omitted from compilation with an #if 0 block.

Presumably the solution is to either fully enable the possibility of SHA-1 usage or strip the broken -s option out of the opiekey program. A rough patch is attached that strips the obvious instances of SHA-1 stuff out of opiekey.c; this doesn't hit potential cases of this in the other client programs and should be reviewed before applying.

   ---> Drake Wilson

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.1 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opie-client depends on:
ii  libc6  2.9-4  GNU C Library: Shared libraries

opie-client recommends no packages.

opie-client suggests no packages.

-- no debconf information

--- opiekey.c.old 2009-03-02 04:40:13.000000000 -0600 +++ opiekey.c 2009-03-02 04:40:47.000000000 -0600 @@ -64,7 +64,7 @@ static VOIDRET usage FUNCTION((s), char *s) { - fprintf(stderr, "usage: %s [-v] [-h] [-f] [-x] [-t type] [-4 | -5 | -s] [-a] [-n count] sequence_number seed\n", s); + fprintf(stderr, "usage: %s [-v] [-h] [-f] [-x] [-t type] [-4 | -5] [-a] [-n count] sequence_number seed\n", s); exit(1); } @@ -151,9 +151,6 @@ if (strstr(slash, "md5")) algorithm = 5; - if (strstr(slash, "sha")) - algorithm = 3; - while ((i = getopt(argc, argv, "fhvn:x45at:s")) != EOF) { switch (i) { case 'v': @@ -201,10 +198,6 @@ } break; - case 's': - algorithm = 3; - break; - default: usage(argv[0]); }
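
Review bot: In the second hunk (@@ -151,9 +151,6 @@), removing the `strstr(slash, "sha")` check means that a `slash` value containing "sha" now silently keeps whatever algorithm was selected before that point, so the response is computed with a different hash than the caller asked for and nothing says so. Consider keeping the match and exiting with an explicit "SHA-1 is not supported" message instead of falling through, since a one-time-password generator that quietly answers with the wrong algorithm is hard to diagnose from the login side.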
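
Review bot: In the third hunk (@@ -201,10 +198,6 @@), `case 's':` is removed but the option string in `getopt(argc, argv, "fhvn:x45at:s")`, visible as context in the second hunk, still ends in `s`. `-s` does end up in `default:` and prints the usage text, but only by falling through as a still-recognised option; drop the trailing `s` from the option string so the accepted options match the new usage line and getopt itself reports `-s` as invalid.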