package/busybox/patches/310-passwd_access.patch

   1
   2         Copyright (C) 2006 OpenWrt.org
   3
   4 diff -ruN busybox-1.3.1-old/networking/httpd.c busybox-1.3.1/networking/httpd.c
   5 --- busybox-1.3.1-old/networking/httpd.c        2006-12-28 18:17:23.000000000 +0100
   6 +++ busybox-1.3.1/networking/httpd.c    2006-12-28 19:56:34.000000000 +0100
   7 @@ -1381,12 +1381,26 @@
   8                         if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
   9                                 char *cipher;
  10                                 char *pp;
  11 +                               char *ppnew = NULL;
  12 +                               struct passwd *pwd = NULL;
  13
  14                                 if (strncmp(p, request, u-request) != 0) {
  15                                         /* user uncompared */
  16                                         continue;
  17                                 }
  18                                 pp = strchr(p, ':');
  19 +                               if(pp && pp[1] == '$' && pp[2] == 'p' &&
  20 +                                                pp[3] == '$' && pp[4] &&
  21 +                                        (pwd = getpwnam(&pp[4])) != NULL) {
  22 +                                       if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
  23 +                                               prev = NULL;
  24 +                                               continue;
  25 +                                       }
  26 +                                       ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
  27 +                                       ppnew[0] = ':';
  28 +                                       strcpy(ppnew + 1, pwd->pw_passwd);
  29 +                                       pp = ppnew;
  30 +                               }
  31                                 if (pp && pp[1] == '$' && pp[2] == '1' &&
  32                                                 pp[3] == '$' && pp[4]) {
  33                                         pp++;
  34 @@ -1396,6 +1410,10 @@
  35                                         /* unauthorized */
  36                                         continue;
  37                                 }
  38 +                               if (ppnew) {
  39 +                                       free(ppnew);
  40 +                                       ppnew = NULL;
  41 +                               }
  42                         }
  43
  44                         if (strcmp(p, request) == 0) {