refresh busybox patches
[openwrt/openwrt.git] / package / busybox / patches / 310-passwd_access.patch
1
2 Copyright (C) 2006 OpenWrt.org
3
4 Index: busybox-1.7.2/networking/httpd.c
5 ===================================================================
6 --- busybox-1.7.2.orig/networking/httpd.c 2007-10-30 15:34:59.000000000 -0500
7 +++ busybox-1.7.2/networking/httpd.c 2007-10-30 15:35:03.000000000 -0500
8 @@ -1527,12 +1527,26 @@
9 if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
10 char *cipher;
11 char *pp;
12 + char *ppnew = NULL;
13 + struct passwd *pwd = NULL;
14
15 if (strncmp(p, request, u - request) != 0) {
16 /* user doesn't match */
17 continue;
18 }
19 pp = strchr(p, ':');
20 + if(pp && pp[1] == '$' && pp[2] == 'p' &&
21 + pp[3] == '$' && pp[4] &&
22 + (pwd = getpwnam(&pp[4])) != NULL) {
23 + if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
24 + prev = NULL;
25 + continue;
26 + }
27 + ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
28 + ppnew[0] = ':';
29 + strcpy(ppnew + 1, pwd->pw_passwd);
30 + pp = ppnew;
31 + }
32 if (pp && pp[1] == '$' && pp[2] == '1'
33 && pp[3] == '$' && pp[4]
34 ) {
35 @@ -1543,6 +1557,10 @@
36 /* unauthorized */
37 continue;
38 }
39 + if (ppnew) {
40 + free(ppnew);
41 + ppnew = NULL;
42 + }
43 }
44
45 if (strcmp(p, request) == 0) {