X-Git-Url: http://git.rohieb.name/openwrt.git/blobdiff_plain/b0ccd00793948e0fe2456f25ff6ad0e99c2eaa9a..898721c9e0100e4144ac189b02ea90b2e3721c8b:/package/busybox/patches/310-passwd_access.patch

diff --git a/package/busybox/patches/310-passwd_access.patch b/package/busybox/patches/310-passwd_access.patch
index 3d4efb135..b6a06cfd7 100644
--- a/package/busybox/patches/310-passwd_access.patch
+++ b/package/busybox/patches/310-passwd_access.patch
@@ -1,42 +1,44 @@
 
 	Copyright (C) 2006 OpenWrt.org
 
-diff -urN busybox.old/networking/httpd.c busybox.dev/networking/httpd.c
---- busybox.old/networking/httpd.c	2004-10-08 10:03:29.000000000 +0200
-+++ busybox.dev/networking/httpd.c	2006-02-04 01:54:19.688016250 +0100
-@@ -1467,12 +1467,24 @@
- 		{
- 			char *cipher;
- 			char *pp;
-+			char *ppnew = NULL;
-+			struct passwd *pwd = NULL;
+diff -ruN busybox-1.3.1-old/networking/httpd.c busybox-1.3.1/networking/httpd.c
+--- busybox-1.3.1-old/networking/httpd.c	2006-12-28 18:17:23.000000000 +0100
++++ busybox-1.3.1/networking/httpd.c	2006-12-28 19:56:34.000000000 +0100
+@@ -1381,12 +1381,26 @@
+ 			if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ 				char *cipher;
+ 				char *pp;
++				char *ppnew = NULL;
++				struct passwd *pwd = NULL;
  
- 			if(strncmp(p, request, u-request) != 0) {
- 				/* user uncompared */
- 				continue;
- 			}
- 			pp = strchr(p, ':');
-+			if(pp && pp[1] == '!' && pp[2] == ':')
-+				continue;
-+			if(pp && pp[1] == '$' && pp[2] == 'p' &&
+ 				if (strncmp(p, request, u-request) != 0) {
+ 					/* user uncompared */
+ 					continue;
+ 				}
+ 				pp = strchr(p, ':');
++				if(pp && pp[1] == '$' && pp[2] == 'p' &&
 +						 pp[3] == '$' && pp[4] &&
-+						 (pwd = getpwnam(&pp[4])) != NULL) {
-+				ppnew = malloc(5 + strlen(pwd->pw_passwd));
-+				ppnew[0] = ':';
-+				strcpy(ppnew + 1, pwd->pw_passwd);
-+				pp = ppnew;
-+			}
- 			if(pp && pp[1] == '$' && pp[2] == '1' &&
- 						 pp[3] == '$' && pp[4]) {
- 				pp++;
-@@ -1482,6 +1492,10 @@
- 				/* unauthorized */
- 				continue;
++					 (pwd = getpwnam(&pp[4])) != NULL) {
++					if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
++						prev = NULL;
++						continue;
++					}
++					ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
++					ppnew[0] = ':';
++					strcpy(ppnew + 1, pwd->pw_passwd);
++					pp = ppnew;
++				}
+ 				if (pp && pp[1] == '$' && pp[2] == '1' &&
+ 						pp[3] == '$' && pp[4]) {
+ 					pp++;
+@@ -1396,6 +1410,10 @@
+ 					/* unauthorized */
+ 					continue;
+ 				}
++				if (ppnew) {
++					free(ppnew);
++					ppnew = NULL;
++				}
  			}
-+			if (ppnew) {
-+				free(ppnew);
-+				ppnew = NULL;
-+			}
- 		}
- #endif
- 		if (strcmp(p, request) == 0) {
+ 
+ 			if (strcmp(p, request) == 0) {