1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-16 22:56:14 +02:00
openwrt-xburst/package/busybox/patches/310-passwd_access.patch
pavlov b0c94d7f56 refresh busybox patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9463 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-30 20:36:25 +00:00

46 lines
1.2 KiB
Diff

Copyright (C) 2006 OpenWrt.org
Index: busybox-1.7.2/networking/httpd.c
===================================================================
--- busybox-1.7.2.orig/networking/httpd.c 2007-10-30 15:34:59.000000000 -0500
+++ busybox-1.7.2/networking/httpd.c 2007-10-30 15:35:03.000000000 -0500
@@ -1527,12 +1527,26 @@
if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
char *cipher;
char *pp;
+ char *ppnew = NULL;
+ struct passwd *pwd = NULL;
if (strncmp(p, request, u - request) != 0) {
/* user doesn't match */
continue;
}
pp = strchr(p, ':');
+ if(pp && pp[1] == '$' && pp[2] == 'p' &&
+ pp[3] == '$' && pp[4] &&
+ (pwd = getpwnam(&pp[4])) != NULL) {
+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
+ prev = NULL;
+ continue;
+ }
+ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
+ ppnew[0] = ':';
+ strcpy(ppnew + 1, pwd->pw_passwd);
+ pp = ppnew;
+ }
if (pp && pp[1] == '$' && pp[2] == '1'
&& pp[3] == '$' && pp[4]
) {
@@ -1543,6 +1557,10 @@
/* unauthorized */
continue;
}
+ if (ppnew) {
+ free(ppnew);
+ ppnew = NULL;
+ }
}
if (strcmp(p, request) == 0) {