uhttpd: - ignore authentication realms that refer to user accounts with no password...
authorJo-Philipp Wich <jow@openwrt.org>
Sat, 24 Apr 2010 11:07:41 +0000 (11:07 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sat, 24 Apr 2010 11:07:41 +0000 (11:07 +0000)
SVN-Revision: 21121

package/uhttpd/Makefile
package/uhttpd/src/uhttpd-cgi.c
package/uhttpd/src/uhttpd-utils.c
package/uhttpd/src/uhttpd.c

index 0f267be2af97cdac104e25e7d2e48adf95643dc2..0dcc6a900b2dc5f798e24b86669673338b4506d1 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 
index 1a6c6ad4febc3eed64e14bcd8b7c983eb994e568..855a72f5697dbff4001b22a59a5eab3475acf44e 100644 (file)
@@ -68,7 +68,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
                                if( (pos < len) && (buf[pos] == '\n') )
                                        pos++;
 
-                               if( pos < len )
+                               if( pos <= len )
                                {
                                        if( (hdrcount + 1) < array_size(res.headers) )
                                        {
index 96c0b82cda5d3c79e0a419cd67579caccebbf0fa..caa6b12bc684b64fa3eff9e32482cd6e1c82ad47 100644 (file)
@@ -622,10 +622,14 @@ struct auth_realm * uh_auth_add(char *path, char *user, char *pass)
                                min(strlen(pass), sizeof(new->pass) - 1));
                }
 
-               uh_realm_count++;
+               if( new->pass[0] )
+               {
+                       uh_realm_count++;
+                       return new;
+               }
        }
 
-       return new;
+       return NULL;
 }
 
 int uh_auth_check(
index 9de77c814d3fd043fb68ecfead7db6e55e309cd6..152e0b452a7899e9124ae3787e71647e076357e9 100644 (file)
@@ -71,8 +71,8 @@ static void uh_config_parse(const char *path)
                                if( !uh_auth_add(line, user, pass) )
                                {
                                        fprintf(stderr,
-                                               "Can not manage more than %i basic auth realms, "
-                                               "will skip the rest\n", UH_LIMIT_AUTHREALMS
+                                               "Notice: No password set for user %s, ignoring "
+                                               "authentication on %s\n", user, line
                                        );
 
                                        break;