Copyright (C) 2006 OpenWrt.org
-Index: busybox-1.7.2/networking/httpd.c
-===================================================================
---- busybox-1.7.2.orig/networking/httpd.c 2007-10-30 15:34:59.000000000 -0500
-+++ busybox-1.7.2/networking/httpd.c 2007-10-30 15:35:03.000000000 -0500
-@@ -1527,12 +1527,26 @@
- if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
- char *cipher;
- char *pp;
-+ char *ppnew = NULL;
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -1717,21 +1717,32 @@ static int check_user_passwd(const char
+
+ if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ char *md5_passwd;
++ int user_len_p1;
+
+ md5_passwd = strchr(cur->after_colon, ':');
+- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
++ user_len_p1 = md5_passwd + 1 - cur->after_colon;
++ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
+ struct passwd *pwd = NULL;
++
++ pwd = getpwnam(&md5_passwd[4]);
++ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
++ return 1;
++
++ md5_passwd = pwd->pw_passwd;
++ goto check_md5_pw;
++ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+ && md5_passwd[3] == '$' && md5_passwd[4]
+ ) {
+ char *encrypted;
+- int r, user_len_p1;
++ int r;
- if (strncmp(p, request, u - request) != 0) {
- /* user doesn't match */
- continue;
- }
- pp = strchr(p, ':');
-+ if(pp && pp[1] == '$' && pp[2] == 'p' &&
-+ pp[3] == '$' && pp[4] &&
-+ (pwd = getpwnam(&pp[4])) != NULL) {
-+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
-+ prev = NULL;
-+ continue;
-+ }
-+ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
-+ ppnew[0] = ':';
-+ strcpy(ppnew + 1, pwd->pw_passwd);
-+ pp = ppnew;
-+ }
- if (pp && pp[1] == '$' && pp[2] == '1'
- && pp[3] == '$' && pp[4]
- ) {
-@@ -1543,6 +1557,10 @@
- /* unauthorized */
+ md5_passwd++;
+- user_len_p1 = md5_passwd - cur->after_colon;
+ /* comparing "user:" */
+ if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
continue;
}
-+ if (ppnew) {
-+ free(ppnew);
-+ ppnew = NULL;
-+ }
- }
- if (strcmp(p, request) == 0) {
++check_md5_pw:
+ encrypted = pw_encrypt(
+ user_and_passwd + user_len_p1 /* cleartext pwd from user */,
+ md5_passwd /*salt */, 1 /* cleanup */);