httpd: fix MD5-encrypted-in-httpd.conf password logic

function old new delta check_user_passwd 467 492 +25 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2012-02-01 02:42:54 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2012-02-01 02:42:54 +0100
commit: 35def51c9747895d38c11e3c41e62c3c68c92438 (patch)
tree: 7123ee794725e9d904a7d98865ad07f61e46cd6d /networking/httpd.c
parent: 428bd2d4337dbd83feb3c7d1fc04d840f548003c (diff)
download: busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.tar.gz
busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.tar.bz2
busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.zip
1 files changed, 27 insertions, 23 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 3f4e6aab7..0e4c697f8 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1776,6 +1776,16 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
                        colon_after_user = strchr(user_and_passwd, ':');
                        if (!colon_after_user)
                                goto bad_input;
+                        /* compare "user:" */
+                        if (cur->after_colon[0] != '*'
+                         && strncmp(cur->after_colon, user_and_passwd,
+                                        colon_after_user - user_and_passwd + 1) != 0
+                        ) {
+                                continue;
+                        }
+                        /* this cfg entry is '*' or matches username from peer */
                        passwd = strchr(cur->after_colon, ':');
                        if (!passwd)
                                goto bad_input;
@@ -1786,13 +1796,6 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
                                struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };
                                pam_handle_t *pamh;
-                                /* compare "user:" */
-                                if (cur->after_colon[0] != '*'
-                                 && strncmp(cur->after_colon, user_and_passwd, colon_after_user - user_and_passwd + 1) != 0
-                                ) {
-                                        continue;
-                                }
-                                /* this cfg entry is '*' or matches username from peer */
                                *colon_after_user = '\0';
                                userinfo.name = user_and_passwd;
                                userinfo.pw = colon_after_user + 1;
@@ -1828,31 +1831,32 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
                                                passwd = result->sp_pwdp;
                                }
 #  endif
+                                /* In this case, passwd is ALWAYS encrypted:
+                                 * it came from /etc/passwd or /etc/shadow!
+                                 */
+                                goto check_encrypted;
 # endif /* ENABLE_PAM */
                        }
+                        /* Else: passwd is from httpd.conf, it is either plaintext or encrypted */
-                        /* compare "user:" */
-                        if (cur->after_colon[0] != '*'
+                        if (passwd[0] == '$' && isdigit(passwd[1])) {
-                         && strncmp(cur->after_colon, user_and_passwd, colon_after_user - user_and_passwd + 1) != 0
+                                char *encrypted;
-                        ) {
+ check_encrypted:
-                                continue;
+                                /* encrypt pwd from peer and check match with local one */
-                        }
+                                encrypted = pw_encrypt(
-                        /* this cfg entry is '*' or matches username from peer */
+                                        /* pwd (from peer): */  colon_after_user + 1,
-                        /* encrypt pwd from peer and check match with local one */
-                        {
-                                char *encrypted = pw_encrypt(
-                                        /* pwd: */  colon_after_user + 1,
                                        /* salt: */ passwd,
                                        /* cleanup: */ 0
                                );
                                r = strcmp(encrypted, passwd);
                                free(encrypted);
-                                goto end_check_passwd;
+                        } else {
+                                /* local passwd is from httpd.conf and it's plaintext */
+                                r = strcmp(colon_after_user + 1, passwd);
                        }
- bad_input: ;
+                        goto end_check_passwd;
                }
+ bad_input:
                /* Comparing plaintext "user:pass" in one go */
                r = strcmp(cur->after_colon, user_and_passwd);
 end_check_passwd:
author	Denys Vlasenko <vda.linux@googlemail.com>	2012-02-01 02:42:54 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2012-02-01 02:42:54 +0100
commit	35def51c9747895d38c11e3c41e62c3c68c92438 (patch)
tree	7123ee794725e9d904a7d98865ad07f61e46cd6d /networking/httpd.c
parent	428bd2d4337dbd83feb3c7d1fc04d840f548003c (diff)
download	busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.tar.gz busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.tar.bz2 busybox-w32-35def51c9747895d38c11e3c41e62c3c68c92438.zip

diff --git a/networking/httpd.c b/networking/httpd.c index 3f4e6aab7..0e4c697f8 100644 --- a/networking/httpd.c +++ b/networking/httpd.c
@@ -1776,6 +1776,16 @@ static int check_user_passwd(const char path, char user_and_passwd)
1776	colon_after_user = strchr(user_and_passwd, ':');	1776	colon_after_user = strchr(user_and_passwd, ':');
1777	if (!colon_after_user)	1777	if (!colon_after_user)
1778	goto bad_input;	1778	goto bad_input;
		1779
		1780	/* compare "user:" */
		1781	if (cur->after_colon[0] != '*'
		1782	&& strncmp(cur->after_colon, user_and_passwd,
		1783	colon_after_user - user_and_passwd + 1) != 0
		1784	) {
		1785	continue;
		1786	}
		1787	/* this cfg entry is '' or matches username from peer /
		1788
1779	passwd = strchr(cur->after_colon, ':');	1789	passwd = strchr(cur->after_colon, ':');
1780	if (!passwd)	1790	if (!passwd)
1781	goto bad_input;	1791	goto bad_input;
@@ -1786,13 +1796,6 @@ static int check_user_passwd(const char path, char user_and_passwd)
1786	struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };	1796	struct pam_conv conv_info = { &pam_talker, (void *) &userinfo };
1787	pam_handle_t *pamh;	1797	pam_handle_t *pamh;
1788		1798
1789	/* compare "user:" */
1790	if (cur->after_colon[0] != '*'
1791	&& strncmp(cur->after_colon, user_and_passwd, colon_after_user - user_and_passwd + 1) != 0
1792	) {
1793	continue;
1794	}
1795	/* this cfg entry is '' or matches username from peer /
1796	*colon_after_user = '\0';	1799	*colon_after_user = '\0';
1797	userinfo.name = user_and_passwd;	1800	userinfo.name = user_and_passwd;
1798	userinfo.pw = colon_after_user + 1;	1801	userinfo.pw = colon_after_user + 1;
@@ -1828,31 +1831,32 @@ static int check_user_passwd(const char path, char user_and_passwd)
1828	passwd = result->sp_pwdp;	1831	passwd = result->sp_pwdp;
1829	}	1832	}
1830	# endif	1833	# endif
		1834	/* In this case, passwd is ALWAYS encrypted:
		1835	* it came from /etc/passwd or /etc/shadow!
		1836	*/
		1837	goto check_encrypted;
1831	# endif /* ENABLE_PAM */	1838	# endif /* ENABLE_PAM */
1832	}	1839	}
1833		1840	/* Else: passwd is from httpd.conf, it is either plaintext or encrypted */
1834	/* compare "user:" */	1841
1835	if (cur->after_colon[0] != '*'	1842	if (passwd[0] == '$' && isdigit(passwd[1])) {
1836	&& strncmp(cur->after_colon, user_and_passwd, colon_after_user - user_and_passwd + 1) != 0	1843	char *encrypted;
1837	) {	1844	check_encrypted:
1838	continue;	1845	/* encrypt pwd from peer and check match with local one */
1839	}	1846	encrypted = pw_encrypt(
1840	/* this cfg entry is '' or matches username from peer /	1847	/* pwd (from peer): */ colon_after_user + 1,
1841
1842	/* encrypt pwd from peer and check match with local one */
1843	{
1844	char *encrypted = pw_encrypt(
1845	/* pwd: */ colon_after_user + 1,
1846	/* salt: */ passwd,	1848	/* salt: */ passwd,
1847	/* cleanup: */ 0	1849	/* cleanup: */ 0
1848	);	1850	);
1849	r = strcmp(encrypted, passwd);	1851	r = strcmp(encrypted, passwd);
1850	free(encrypted);	1852	free(encrypted);
1851	goto end_check_passwd;	1853	} else {
		1854	/* local passwd is from httpd.conf and it's plaintext */
		1855	r = strcmp(colon_after_user + 1, passwd);
1852	}	1856	}
1853	bad_input: ;	1857	goto end_check_passwd;
1854	}	1858	}
1855		1859	bad_input:
1856	/* Comparing plaintext "user:pass" in one go */	1860	/* Comparing plaintext "user:pass" in one go */
1857	r = strcmp(cur->after_colon, user_and_passwd);	1861	r = strcmp(cur->after_colon, user_and_passwd);
1858	end_check_passwd:	1862	end_check_passwd: