OpenWrt XBurst

OpenWrt XBurst Git Source Tree

1
2	Copyright (C) 2006 OpenWrt.org
3
4	--- a/networking/httpd.c
5	+++ b/networking/httpd.c
6	@@ -1742,21 +1742,32 @@ static int check_user_passwd(const char
7
8	if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
9	char *md5_passwd;
10	+ int user_len_p1;
11
12	md5_passwd = strchr(cur->after_colon, ':');
13	- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
14	+ user_len_p1 = md5_passwd + 1 - cur->after_colon;
15	+ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
16	+ struct passwd *pwd = NULL;
17	+
18	+ pwd = getpwnam(&md5_passwd[4]);
19	+ if(!pwd->pw_passwd \|\| !pwd->pw_passwd[0] \|\| pwd->pw_passwd[0] == '!')
20	+ return 1;
21	+
22	+ md5_passwd = pwd->pw_passwd;
23	+ goto check_md5_pw;
24	+ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
25	&& md5_passwd[3] == '$' && md5_passwd[4]
26	) {
27	char *encrypted;
28	- int r, user_len_p1;
29	+ int r;
30
31	md5_passwd++;
32	- user_len_p1 = md5_passwd - cur->after_colon;
33	/* comparing "user:" */
34	if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
35	continue;
36	}
37
38	+check_md5_pw:
39	encrypted = pw_encrypt(
40	user_and_passwd + user_len_p1 /* cleartext pwd from user */,
41	md5_passwd /salt /, 1 /* cleanup */);
42

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl