blob: 22e6abcb01fcfbda1d3a9f68c857a11e4751db36 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
Copyright (C) 2006 OpenWrt.org
Index: busybox-1.4.2/networking/httpd.c
===================================================================
--- busybox-1.4.2.orig/networking/httpd.c 2007-06-04 13:21:32.190083032 +0200
+++ busybox-1.4.2/networking/httpd.c 2007-06-04 13:21:34.401746808 +0200
@@ -1402,12 +1402,26 @@
if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
char *cipher;
char *pp;
+ char *ppnew = NULL;
+ struct passwd *pwd = NULL;
if (strncmp(p, request, u-request) != 0) {
/* user uncompared */
continue;
}
pp = strchr(p, ':');
+ if(pp && pp[1] == '$' && pp[2] == 'p' &&
+ pp[3] == '$' && pp[4] &&
+ (pwd = getpwnam(&pp[4])) != NULL) {
+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
+ prev = NULL;
+ continue;
+ }
+ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
+ ppnew[0] = ':';
+ strcpy(ppnew + 1, pwd->pw_passwd);
+ pp = ppnew;
+ }
if (pp && pp[1] == '$' && pp[2] == '1' &&
pp[3] == '$' && pp[4]) {
pp++;
@@ -1417,6 +1431,10 @@
/* unauthorized */
continue;
}
+ if (ppnew) {
+ free(ppnew);
+ ppnew = NULL;
+ }
}
if (strcmp(p, request) == 0) {
|
