X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=package%2Fbusybox%2Fpatches%2F310-passwd_access.patch;h=fef9d3a7a8caa1cebec5366b1f61afc58d7c4a44;hb=6b9e04991d241fdafbdf9e899e4ea1ac2c4f5cd4;hp=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391;hpb=1e82faaa5e835b00676421b1c63bef541f8ca0d3;p=oweals%2Fopenwrt.git

diff --git a/package/busybox/patches/310-passwd_access.patch b/package/busybox/patches/310-passwd_access.patch
index e69de29bb2..fef9d3a7a8 100644
--- a/package/busybox/patches/310-passwd_access.patch
+++ b/package/busybox/patches/310-passwd_access.patch
@@ -0,0 +1,41 @@
+
+	Copyright (C) 2006 OpenWrt.org
+
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -1716,21 +1716,32 @@ static int check_user_passwd(const char 
+ 
+ 		if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
+ 			char *md5_passwd;
++			int user_len_p1;
+ 
+ 			md5_passwd = strchr(cur->after_colon, ':');
+-			if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
++			user_len_p1 = md5_passwd + 1 - cur->after_colon;
++			if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
++				struct passwd *pwd = NULL;
++
++				pwd = getpwnam(&md5_passwd[4]);
++				if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
++					return 1;
++
++				md5_passwd = pwd->pw_passwd;
++				goto check_md5_pw;
++			} else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
+ 			 && md5_passwd[3] == '$' && md5_passwd[4]
+ 			) {
+ 				char *encrypted;
+-				int r, user_len_p1;
++				int r;
+ 
+ 				md5_passwd++;
+-				user_len_p1 = md5_passwd - cur->after_colon;
+ 				/* comparing "user:" */
+ 				if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
+ 					continue;
+ 				}
+ 
++check_md5_pw:
+ 				encrypted = pw_encrypt(
+ 					user_and_passwd + user_len_p1 /* cleartext pwd from user */,
+ 					md5_passwd /*salt */, 1 /* cleanup */);