X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/4f17fe653b4bf22aa059b5f5fa5678ceebc18a67..03c1e266f1773bf19ec443a5c563ddfb0d13e49c:/package/busybox/patches/310-passwd_access.patch?ds=inline diff --git a/package/busybox/patches/310-passwd_access.patch b/package/busybox/patches/310-passwd_access.patch index b6a06cfd7..9a1cc95bb 100644 --- a/package/busybox/patches/310-passwd_access.patch +++ b/package/busybox/patches/310-passwd_access.patch @@ -1,44 +1,41 @@ Copyright (C) 2006 OpenWrt.org -diff -ruN busybox-1.3.1-old/networking/httpd.c busybox-1.3.1/networking/httpd.c ---- busybox-1.3.1-old/networking/httpd.c 2006-12-28 18:17:23.000000000 +0100 -+++ busybox-1.3.1/networking/httpd.c 2006-12-28 19:56:34.000000000 +0100 -@@ -1381,12 +1381,26 @@ - if (ENABLE_FEATURE_HTTPD_AUTH_MD5) { - char *cipher; - char *pp; -+ char *ppnew = NULL; +--- a/networking/httpd.c ++++ b/networking/httpd.c +@@ -1697,21 +1697,32 @@ static int check_user_passwd(const char + + if (ENABLE_FEATURE_HTTPD_AUTH_MD5) { + char *md5_passwd; ++ int user_len_p1; + + md5_passwd = strchr(cur->after_colon, ':'); +- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' ++ user_len_p1 = md5_passwd + 1 - cur->after_colon; ++ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) { + struct passwd *pwd = NULL; ++ ++ pwd = getpwnam(&md5_passwd[4]); ++ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!') ++ return 1; ++ ++ md5_passwd = pwd->pw_passwd; ++ goto check_md5_pw; ++ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' + && md5_passwd[3] == '$' && md5_passwd[4] + ) { + char *encrypted; +- int r, user_len_p1; ++ int r; - if (strncmp(p, request, u-request) != 0) { - /* user uncompared */ - continue; - } - pp = strchr(p, ':'); -+ if(pp && pp[1] == '$' && pp[2] == 'p' && -+ pp[3] == '$' && pp[4] && -+ (pwd = getpwnam(&pp[4])) != NULL) { -+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') { -+ prev = NULL; -+ continue; -+ } -+ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd)); -+ ppnew[0] = ':'; -+ strcpy(ppnew + 1, pwd->pw_passwd); -+ pp = ppnew; -+ } - if (pp && pp[1] == '$' && pp[2] == '1' && - pp[3] == '$' && pp[4]) { - pp++; -@@ -1396,6 +1410,10 @@ - /* unauthorized */ + md5_passwd++; +- user_len_p1 = md5_passwd - cur->after_colon; + /* comparing "user:" */ + if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) { continue; } -+ if (ppnew) { -+ free(ppnew); -+ ppnew = NULL; -+ } - } - if (strcmp(p, request) == 0) { ++check_md5_pw: + encrypted = pw_encrypt( + user_and_passwd + user_len_p1 /* cleartext pwd from user */, + md5_passwd /*salt */, 1 /* cleanup */);