22e6abcb01fcfbda1d3a9f68c857a11e4751db36
[openwrt-10.03/.git] / package / busybox / patches / 310-passwd_access.patch
1
2         Copyright (C) 2006 OpenWrt.org
3
4 Index: busybox-1.4.2/networking/httpd.c
5 ===================================================================
6 --- busybox-1.4.2.orig/networking/httpd.c       2007-06-04 13:21:32.190083032 +0200
7 +++ busybox-1.4.2/networking/httpd.c    2007-06-04 13:21:34.401746808 +0200
8 @@ -1402,12 +1402,26 @@
9                         if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
10                                 char *cipher;
11                                 char *pp;
12 +                               char *ppnew = NULL;
13 +                               struct passwd *pwd = NULL;
14  
15                                 if (strncmp(p, request, u-request) != 0) {
16                                         /* user uncompared */
17                                         continue;
18                                 }
19                                 pp = strchr(p, ':');
20 +                               if(pp && pp[1] == '$' && pp[2] == 'p' &&
21 +                                                pp[3] == '$' && pp[4] &&
22 +                                        (pwd = getpwnam(&pp[4])) != NULL) {
23 +                                       if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
24 +                                               prev = NULL;
25 +                                               continue;
26 +                                       }
27 +                                       ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
28 +                                       ppnew[0] = ':';
29 +                                       strcpy(ppnew + 1, pwd->pw_passwd);
30 +                                       pp = ppnew;
31 +                               }
32                                 if (pp && pp[1] == '$' && pp[2] == '1' &&
33                                                 pp[3] == '$' && pp[4]) {
34                                         pp++;
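Review bot: A `$p$user` entry is not rejected when the lookup yields nothing usable. If `getpwnam()` returns NULL, or `pw_passwd` is empty, a placeholder such as `x`/`*`, or any hash that is not `$1$…`, neither this block nor the `$1$` branch takes effect and control continues to the plaintext `strcmp(p, request)` visible in the next hunk, which compares against the raw config line. An entry marked `$p$` should authenticate against the system hash or fail, so reject on every such case the way the locked-account (`!`) path already does. Note also that `pwd->pw_passwd` is NULL-checked for the `!` test but then passed unguarded to `strlen()`/`strcpy()`. The enclosing loop and the body of the `$1$` branch lie outside the hunk, so the exact fall-through should be confirmed against the full function.

```c
pp = strchr(p, ':');
if (pp && pp[1] == '$' && pp[2] == 'p' && pp[3] == '$') {
	/* "$p$" entry: use the system hash or refuse, never the plaintext compare */
	pwd = pp[4] ? getpwnam(&pp[4]) : NULL;
	if (!pwd || !pwd->pw_passwd
	 || strncmp(pwd->pw_passwd, "$1$", 3) != 0
	 || !pwd->pw_passwd[3]) {
		/* unknown user, locked ('!'), empty or non-MD5 field */
		prev = NULL;
		continue;
	}
	/* … unchanged: copy ':' + pw_passwd into ppnew, pp = ppnew … */
}
/* … unchanged: $1$ comparison … */
```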
35 @@ -1417,6 +1431,10 @@
36                                         /* unauthorized */
37                                         continue;
38                                 }
39 +                               if (ppnew) {
40 +                                       free(ppnew);
41 +                                       ppnew = NULL;
42 +                               }
43                         }
44  
45                         if (strcmp(p, request) == 0) {
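Review bot: The added `free(ppnew)` is only reached when the `$1$` branch was not taken, so the buffer is never released on the paths that actually use it. The visible tail of that branch ends in `continue`, and its success path (outside the hunk) presumably jumps away as well. Release the buffer inside the `$1$` branch as soon as the comparison result is known, e.g. `free(ppnew); ppnew = NULL;` before the `continue` and before the success jump, and keep this block only as the fall-through cleanup. Since `pp` may still point into the freed buffer afterwards, a comment such as `/* pp is stale once ppnew is freed; only p is used below */` would make the lifetime explicit.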