diff options
Diffstat (limited to 'package/utils/busybox/patches/310-passwd_access.patch')
-rw-r--r-- | package/utils/busybox/patches/310-passwd_access.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/package/utils/busybox/patches/310-passwd_access.patch b/package/utils/busybox/patches/310-passwd_access.patch deleted file mode 100644 index daa1b99983..0000000000 --- a/package/utils/busybox/patches/310-passwd_access.patch +++ /dev/null @@ -1,41 +0,0 @@ - - Copyright (C) 2006 OpenWrt.org - ---- a/networking/httpd.c -+++ b/networking/httpd.c -@@ -1700,21 +1700,32 @@ static int check_user_passwd(const char - - if (ENABLE_FEATURE_HTTPD_AUTH_MD5) { - char *md5_passwd; -+ int user_len_p1; - - md5_passwd = strchr(cur->after_colon, ':'); -- if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' -+ user_len_p1 = md5_passwd + 1 - cur->after_colon; -+ if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) { -+ struct passwd *pwd = NULL; -+ -+ pwd = getpwnam(&md5_passwd[4]); -+ if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!') -+ return 1; -+ -+ md5_passwd = pwd->pw_passwd; -+ goto check_md5_pw; -+ } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1' - && md5_passwd[3] == '$' && md5_passwd[4] - ) { - char *encrypted; -- int r, user_len_p1; -+ int r; - - md5_passwd++; -- user_len_p1 = md5_passwd - cur->after_colon; - /* comparing "user:" */ - if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) { - continue; - } - -+check_md5_pw: - encrypted = pw_encrypt( - user_and_passwd + user_len_p1 /* cleartext pwd from user */, - md5_passwd /*salt */, 1 /* cleanup */); |