Root/
Source at commit 99c6c73 created 13 years 10 months ago. By Lars-Peter Clausen, reset to backfire. | |
---|---|
1 | |
2 | Copyright (C) 2006 OpenWrt.org |
3 | |
4 | --- a/networking/httpd.c |
5 | +++ b/networking/httpd.c |
6 | @@ -1699,21 +1699,32 @@ static int check_user_passwd(const char |
7 | |
8 | if (ENABLE_FEATURE_HTTPD_AUTH_MD5) { |
9 | char *md5_passwd; |
10 | + int user_len_p1; |
11 | |
12 | md5_passwd = strchr(cur->after_colon, ':'); |
13 | - if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' |
14 | + user_len_p1 = md5_passwd + 1 - cur->after_colon; |
15 | + if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) { |
16 | + struct passwd *pwd = NULL; |
17 | + |
18 | + pwd = getpwnam(&md5_passwd[4]); |
19 | + if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!') |
20 | + return 1; |
21 | + |
22 | + md5_passwd = pwd->pw_passwd; |
23 | + goto check_md5_pw; |
24 | + } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' |
25 | && md5_passwd[3] == '$' && md5_passwd[4] |
26 | ) { |
27 | char *encrypted; |
28 | - int r, user_len_p1; |
29 | + int r; |
30 | |
31 | md5_passwd++; |
32 | - user_len_p1 = md5_passwd - cur->after_colon; |
33 | /* comparing "user:" */ |
34 | if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) { |
35 | continue; |
36 | } |
37 | |
38 | +check_md5_pw: |
39 | encrypted = pw_encrypt( |
40 | user_and_passwd + user_len_p1 /* cleartext pwd from user */, |
41 | md5_passwd /*salt */, 1 /* cleanup */); |
42 |