summaryrefslogtreecommitdiff
path: root/package/busybox/patches/310-passwd_access.patch
blob: 868abfcd069d5bf8e0ad76b4792e35489863ee24 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
	Copyright (C) 2006 OpenWrt.org

diff -urN busybox.old/networking/httpd.c busybox.dev/networking/httpd.c
--- busybox.old/networking/httpd.c	2004-10-08 10:03:29.000000000 +0200
+++ busybox.dev/networking/httpd.c	2006-02-04 01:54:19.688016250 +0100
@@ -1467,12 +1467,26 @@
 		{
 			char *cipher;
 			char *pp;
+			char *ppnew = NULL;
+			struct passwd *pwd = NULL;
 
 			if(strncmp(p, request, u-request) != 0) {
 				/* user uncompared */
 				continue;
 			}
 			pp = strchr(p, ':');
+			if(pp && pp[1] == '$' && pp[2] == 'p' &&
+						 pp[3] == '$' && pp[4] &&
+						 (pwd = getpwnam(&pp[4])) != NULL) {
+				if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
+					prev = NULL;
+					continue;
+				}
+				ppnew = malloc(5 + strlen(pwd->pw_passwd));
+				ppnew[0] = ':';
+				strcpy(ppnew + 1, pwd->pw_passwd);
+				pp = ppnew;
+			}
 			if(pp && pp[1] == '$' && pp[2] == '1' &&
 						 pp[3] == '$' && pp[4]) {
 				pp++;
@@ -1482,6 +1492,10 @@
 				/* unauthorized */
 				continue;
 			}
+			if (ppnew) {
+				free(ppnew);
+				ppnew = NULL;
+			}
 		}
 #endif
 		if (strcmp(p, request) == 0) {