2 Copyright (C) 2006 OpenWrt.org
4 --- a/networking/httpd.c
5 +++ b/networking/httpd.c
6 @@ -1699,21 +1699,32 @@ static int check_user_passwd(const char
8 if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
12 md5_passwd = strchr(cur->after_colon, ':');
13 - if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
14 + user_len_p1 = md5_passwd + 1 - cur->after_colon;
15 + if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
16 + struct passwd *pwd = NULL;
18 + pwd = getpwnam(&md5_passwd[4]);
19 + if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
22 + md5_passwd = pwd->pw_passwd;
24 + } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
25 && md5_passwd[3] == '$' && md5_passwd[4]
32 - user_len_p1 = md5_passwd - cur->after_colon;
33 /* comparing "user:" */
34 if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
39 encrypted = pw_encrypt(
40 user_and_passwd + user_len_p1 /* cleartext pwd from user */,
41 md5_passwd /*salt */, 1 /* cleanup */);