1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-25 23:21:45 +02:00
openwrt-xburst/package/busybox/patches/310-passwd_access.patch
nbd 5b9d06e88e fix for the password check (checked the wrong variable)
git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4887 3c298f89-4303-0410-b956-a3cf2f4a3e73
2006-10-02 17:43:42 +00:00

43 lines
1.0 KiB
Diff

Copyright (C) 2006 OpenWrt.org
diff -urN busybox.old/networking/httpd.c busybox.dev/networking/httpd.c
--- busybox.old/networking/httpd.c 2004-10-08 10:03:29.000000000 +0200
+++ busybox.dev/networking/httpd.c 2006-02-04 01:54:19.688016250 +0100
@@ -1467,12 +1467,24 @@
{
char *cipher;
char *pp;
+ char *ppnew = NULL;
+ struct passwd *pwd = NULL;
if(strncmp(p, request, u-request) != 0) {
/* user uncompared */
continue;
}
pp = strchr(p, ':');
+ if(pp && pp[1] == '$' && pp[2] == 'p' &&
+ pp[3] == '$' && pp[4] &&
+ (pwd = getpwnam(&pp[4])) != NULL) {
+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!')
+ continue;
+ ppnew = malloc(5 + strlen(pwd->pw_passwd));
+ ppnew[0] = ':';
+ strcpy(ppnew + 1, pwd->pw_passwd);
+ pp = ppnew;
+ }
if(pp && pp[1] == '$' && pp[2] == '1' &&
pp[3] == '$' && pp[4]) {
pp++;
@@ -1482,6 +1492,10 @@
/* unauthorized */
continue;
}
+ if (ppnew) {
+ free(ppnew);
+ ppnew = NULL;
+ }
}
#endif
if (strcmp(p, request) == 0) {