aboutsummaryrefslogtreecommitdiffstats
path: root/package/busybox/patches/310-passwd_access.patch
diff options
context:
space:
mode:
authorblogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-10-05 10:12:53 +0000
committerblogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-10-05 10:12:53 +0000
commit5c105d9f3fd086aff195d3849dcf847d6b0bd927 (patch)
tree1229a11f725bfa58aa7c57a76898553bb5f6654a /package/busybox/patches/310-passwd_access.patch
downloadopenwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.tar.gz
openwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.zip
branch Attitude Adjustment
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/busybox/patches/310-passwd_access.patch')
-rw-r--r--package/busybox/patches/310-passwd_access.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/package/busybox/patches/310-passwd_access.patch b/package/busybox/patches/310-passwd_access.patch
new file mode 100644
index 000000000..daa1b9998
--- /dev/null
+++ b/package/busybox/patches/310-passwd_access.patch
@@ -0,0 +1,41 @@
+
+ Copyright (C) 2006 OpenWrt.org
+
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -1700,21 +1700,32 @@ static int check_user_passwd(const char
+
+ if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ char *md5_passwd;
++ int user_len_p1;
+
+ md5_passwd = strchr(cur->after_colon, ':');
+- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
++ user_len_p1 = md5_passwd + 1 - cur->after_colon;
++ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
++ struct passwd *pwd = NULL;
++
++ pwd = getpwnam(&md5_passwd[4]);
++ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
++ return 1;
++
++ md5_passwd = pwd->pw_passwd;
++ goto check_md5_pw;
++ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+ && md5_passwd[3] == '$' && md5_passwd[4]
+ ) {
+ char *encrypted;
+- int r, user_len_p1;
++ int r;
+
+ md5_passwd++;
+- user_len_p1 = md5_passwd - cur->after_colon;
+ /* comparing "user:" */
+ if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
+ continue;
+ }
+
++check_md5_pw:
+ encrypted = pw_encrypt(
+ user_and_passwd + user_len_p1 /* cleartext pwd from user */,
+ md5_passwd /*salt */, 1 /* cleanup */);