projects / openwrt-10.03 / .git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[package] busybox: update to v1.14.4 (closes: #5619)
[openwrt-10.03/.git] / package / busybox / patches / 310-passwd_access.patch
1
2         Copyright (C) 2006 OpenWrt.org
3
4 --- a/networking/httpd.c
5 +++ b/networking/httpd.c
6 @@ -1699,21 +1699,32 @@ static int check_user_passwd(const char 
7  
8                 if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
9                         char *md5_passwd;
10 +                       int user_len_p1;
11  
12                         md5_passwd = strchr(cur->after_colon, ':');
13 -                       if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
14 +                       user_len_p1 = md5_passwd + 1 - cur->after_colon;
15 +                       if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
16 +                               struct passwd *pwd = NULL;
17 +
18 +                               pwd = getpwnam(&md5_passwd[4]);
19 +                               if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
20 +                                       return 1;
21 +
22 +                               md5_passwd = pwd->pw_passwd;
23 +                               goto check_md5_pw;
24 +                       } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
25                          && md5_passwd[3] == '$' && md5_passwd[4]
26                         ) {
27                                 char *encrypted;
28 -                               int r, user_len_p1;
29 +                               int r;
30  
31                                 md5_passwd++;
32 -                               user_len_p1 = md5_passwd - cur->after_colon;
33                                 /* comparing "user:" */
34                                 if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
35                                         continue;
36                                 }
37  
38 +check_md5_pw:
39                                 encrypted = pw_encrypt(
40                                         user_and_passwd + user_len_p1 /* cleartext pwd from user */,
41                                         md5_passwd /*salt */, 1 /* cleanup */);
Unnamed repository; edit this file 'description' to name the repository.