1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-13 14:00:38 +02:00
openwrt-xburst/package/busybox/patches/310-passwd_access.patch
nico bfd5f1061a package/busybox: wget: URL-decode user:password before base64-encoding it into auth hdr (upstream fix)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29299 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-11-23 19:41:36 +00:00

42 lines
1.2 KiB
Diff

Copyright (C) 2006 OpenWrt.org
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1700,21 +1700,32 @@ static int check_user_passwd(const char
if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
char *md5_passwd;
+ int user_len_p1;
md5_passwd = strchr(cur->after_colon, ':');
- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+ user_len_p1 = md5_passwd + 1 - cur->after_colon;
+ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
+ struct passwd *pwd = NULL;
+
+ pwd = getpwnam(&md5_passwd[4]);
+ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
+ return 1;
+
+ md5_passwd = pwd->pw_passwd;
+ goto check_md5_pw;
+ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
&& md5_passwd[3] == '$' && md5_passwd[4]
) {
char *encrypted;
- int r, user_len_p1;
+ int r;
md5_passwd++;
- user_len_p1 = md5_passwd - cur->after_colon;
/* comparing "user:" */
if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
continue;
}
+check_md5_pw:
encrypted = pw_encrypt(
user_and_passwd + user_len_p1 /* cleartext pwd from user */,
md5_passwd /*salt */, 1 /* cleanup */);