diff options
| author | John Crispin <blogic@openwrt.org> | 2013-06-21 16:54:37 +0000 |
|---|---|---|
| committer | John Crispin <blogic@openwrt.org> | 2013-06-21 16:54:37 +0000 |
| commit | f1b4824c865b228039d84b2605b2e7e4f34cddeb (patch) | |
| tree | 37c9cbe251e4fb790aaa72e862c35822be30b491 /package/utils/busybox/patches/310-passwd_access.patch | |
| parent | d2642de7494bba312bbb22cfeb3ad77130a10047 (diff) | |
| download | master-187ad058-f1b4824c865b228039d84b2605b2e7e4f34cddeb.tar.gz master-187ad058-f1b4824c865b228039d84b2605b2e7e4f34cddeb.tar.bz2 master-187ad058-f1b4824c865b228039d84b2605b2e7e4f34cddeb.zip | |
packages: clean up the package folder
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37007 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/utils/busybox/patches/310-passwd_access.patch')
| -rw-r--r-- | package/utils/busybox/patches/310-passwd_access.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/package/utils/busybox/patches/310-passwd_access.patch b/package/utils/busybox/patches/310-passwd_access.patch new file mode 100644 index 0000000000..daa1b99983 --- /dev/null +++ b/package/utils/busybox/patches/310-passwd_access.patch @@ -0,0 +1,41 @@ + + Copyright (C) 2006 OpenWrt.org + +--- a/networking/httpd.c ++++ b/networking/httpd.c +@@ -1700,21 +1700,32 @@ static int check_user_passwd(const char + + if (ENABLE_FEATURE_HTTPD_AUTH_MD5) { + char *md5_passwd; ++ int user_len_p1; + + md5_passwd = strchr(cur->after_colon, ':'); +- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' ++ user_len_p1 = md5_passwd + 1 - cur->after_colon; ++ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) { ++ struct passwd *pwd = NULL; ++ ++ pwd = getpwnam(&md5_passwd[4]); ++ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!') ++ return 1; ++ ++ md5_passwd = pwd->pw_passwd; ++ goto check_md5_pw; ++ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' + && md5_passwd[3] == '$' && md5_passwd[4] + ) { + char *encrypted; +- int r, user_len_p1; ++ int r; + + md5_passwd++; +- user_len_p1 = md5_passwd - cur->after_colon; + /* comparing "user:" */ + if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) { + continue; + } + ++check_md5_pw: + encrypted = pw_encrypt( + user_and_passwd + user_len_p1 /* cleartext pwd from user */, + md5_passwd /*salt */, 1 /* cleanup */); |