X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/b5cb1795de1f0959de1e228bd2e784d1cea921a7..ad3a0dd2d13bd4d5a4d768d3cc592130ae2073e5:/package/busybox/patches/310-passwd_access.patch?ds=sidebyside

diff --git a/package/busybox/patches/310-passwd_access.patch b/package/busybox/patches/310-passwd_access.patch
index 22e6abcb0..6d0affd16 100644
--- a/package/busybox/patches/310-passwd_access.patch
+++ b/package/busybox/patches/310-passwd_access.patch
@@ -1,45 +1,41 @@
 
 	Copyright (C) 2006 OpenWrt.org
 
-Index: busybox-1.4.2/networking/httpd.c
-===================================================================
---- busybox-1.4.2.orig/networking/httpd.c	2007-06-04 13:21:32.190083032 +0200
-+++ busybox-1.4.2/networking/httpd.c	2007-06-04 13:21:34.401746808 +0200
-@@ -1402,12 +1402,26 @@
- 			if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
- 				char *cipher;
- 				char *pp;
-+				char *ppnew = NULL;
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -1772,21 +1772,32 @@ static int check_user_passwd(const char 
+ 
+ 		if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ 			char *md5_passwd;
++			int user_len_p1;
+ 
+ 			md5_passwd = strchr(cur->after_colon, ':');
+-			if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
++			user_len_p1 = md5_passwd + 1 - cur->after_colon;
++			if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
 +				struct passwd *pwd = NULL;
++
++				pwd = getpwnam(&md5_passwd[4]);
++				if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
++					return 1;
++
++				md5_passwd = pwd->pw_passwd;
++				goto check_md5_pw;
++			} else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+ 			 && md5_passwd[3] == '$' && md5_passwd[4]
+ 			) {
+ 				char *encrypted;
+-				int r, user_len_p1;
++				int r;
  
- 				if (strncmp(p, request, u-request) != 0) {
- 					/* user uncompared */
- 					continue;
- 				}
- 				pp = strchr(p, ':');
-+				if(pp && pp[1] == '$' && pp[2] == 'p' &&
-+						 pp[3] == '$' && pp[4] &&
-+					 (pwd = getpwnam(&pp[4])) != NULL) {
-+					if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
-+						prev = NULL;
-+						continue;
-+					}
-+					ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
-+					ppnew[0] = ':';
-+					strcpy(ppnew + 1, pwd->pw_passwd);
-+					pp = ppnew;
-+				}
- 				if (pp && pp[1] == '$' && pp[2] == '1' &&
- 						pp[3] == '$' && pp[4]) {
- 					pp++;
-@@ -1417,6 +1431,10 @@
- 					/* unauthorized */
+ 				md5_passwd++;
+-				user_len_p1 = md5_passwd - cur->after_colon;
+ 				/* comparing "user:" */
+ 				if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
  					continue;
  				}
-+				if (ppnew) {
-+					free(ppnew);
-+					ppnew = NULL;
-+				}
- 			}
  
- 			if (strcmp(p, request) == 0) {
++check_md5_pw:
+ 				encrypted = pw_encrypt(
+ 					user_and_passwd + user_len_p1 /* cleartext pwd from user */,
+ 					md5_passwd /*salt */, 1 /* cleanup */);