| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- Copyright (C) 2006 OpenWrt.org
- --- a/networking/httpd.c
- +++ b/networking/httpd.c
- @@ -1700,21 +1700,32 @@ static int check_user_passwd(const char
-
- if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
- char *md5_passwd;
- + int user_len_p1;
-
- md5_passwd = strchr(cur->after_colon, ':');
- - if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
- + user_len_p1 = md5_passwd + 1 - cur->after_colon;
- + if (md5_passwd && !strncmp(md5_passwd + 1, "$p$", 3)) {
- + struct passwd *pwd = NULL;
- +
- + pwd = getpwnam(&md5_passwd[4]);
- + if(!pwd->pw_passwd || !pwd->pw_passwd[0] || pwd->pw_passwd[0] == '!')
- + return 1;
- +
- + md5_passwd = pwd->pw_passwd;
- + goto check_md5_pw;
- + } else if (md5_passwd && md5_passwd[1] == '$' && md5_passwd[2] == '1'
- && md5_passwd[3] == '$' && md5_passwd[4]
- ) {
- char *encrypted;
- - int r, user_len_p1;
- + int r;
-
- md5_passwd++;
- - user_len_p1 = md5_passwd - cur->after_colon;
- /* comparing "user:" */
- if (strncmp(cur->after_colon, user_and_passwd, user_len_p1) != 0) {
- continue;
- }
-
- +check_md5_pw:
- encrypted = pw_encrypt(
- user_and_passwd + user_len_p1 /* cleartext pwd from user */,
- md5_passwd /*salt */, 1 /* cleanup */);
|
