On Sun, Nov 6, 2011 at 10:08 AM, Pascal Bellard
<[email protected]> wrote:
> In httpd.conf, users and passwds are stored this way: '/path:user:password'
> The following patch adds '/path:user:*' to look for password in /etc/passwd
> and '/path:*:*' to allow any user account with a password.
>
> http://hg.slitaz.org/wok-undigest/raw-file/5545842dea8c/busybox/stuff/busybox-1.19-httpd.u
>
> The code is enabled by HTTPD_AUTH_MD5 feature.
> Both PAM and shadow passwords are supported.

                        const char *unencrypted = strchr(user_and_passwd, ':') + 1;

what if user_and_passwd has no ':'?

                        const char *passwd = strchr(cur->after_colon, ':');
                        int user_len_p1 = unencrypted - user_and_passwd;
                        char username[256];

                        strncpy(username, user_and_passwd, user_len_p1);
                        username[user_len_p1 - 1] = '\0';

what if user_len_p1 > 256?

Please check my changes:

http://git.busybox.net/busybox/commit/?id=7291755439ad2f400df51a74b4e9a31a48f484b1

-- 
vda
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
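
The two questions raised in the review above (a credential string with no ':' and a username longer than the 256-byte buffer), worked through as an added example; it is not code from the patch or from the BusyBox commit, and `split_user_and_passwd` and `parses_as` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not BusyBox code: split "user:password" into a bounded
 * copy of the username and a pointer to the password. Returns NULL when the
 * input has no ':' or the username does not fit in the caller's buffer. */
static const char *split_user_and_passwd(const char *user_and_passwd,
                                         char *username, size_t username_size)
{
    const char *colon;
    size_t user_len;

    if (user_and_passwd == NULL || username == NULL || username_size == 0)
        return NULL;
    /* Check 1: strchr() returns NULL when there is no ':'; adding 1 to that
     * result, as the quoted fragment does, is undefined behaviour. */
    colon = strchr(user_and_passwd, ':');
    if (colon == NULL)
        return NULL;
    /* Check 2: the name plus its terminating NUL must fit in the buffer. */
    user_len = (size_t)(colon - user_and_passwd);
    if (user_len >= username_size)
        return NULL;
    memcpy(username, user_and_passwd, user_len);
    username[user_len] = '\0';
    return colon + 1;   /* the password, possibly an empty string */
}

/* Returns 1 when input splits into exactly want_user and want_pass,
 * 0 when it is rejected or the parts differ. Uses the same 256-byte buffer
 * size as the quoted fragment. */
static int parses_as(const char *input, const char *want_user, const char *want_pass)
{
    char username[256];
    const char *pass = split_user_and_passwd(input, username, sizeof(username));
    return pass != NULL && strcmp(username, want_user) == 0
                        && strcmp(pass, want_pass) == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("alice:s3cret accepted: %d\n", parses_as("alice:s3cret", "alice", "s3cret"));
    printf("nocolon accepted: %d\n", parses_as("nocolon", "nocolon", ""));
    return 0;
}
```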