Hi,
Pass the Authorization header to CGI if not of type Basic. This will
make it possible for CGI to verify authorization headers of type
Bearer <token>.
Signed-off-by: Alexander Vickberg <[email protected]>
function old new delta
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/0 up/down: 0/0) Total: 0 bytes
text data bss dec hex filename
1020392 17219 1888 1039499 fdc8b busybox_old
1020392 17219 1888 1039499 fdc8b busybox_unstripped
diff --git a/networking/httpd.c b/networking/httpd.c
index 2b0acd7dc..e73e62093 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2367,13 +2367,13 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
* "<user>:<passwd>" is base64 encoded.
*/
tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
- if (STRNCASECMP(tptr, "Basic") != 0)
+ if (STRNCASECMP(tptr, "Basic") == 0) {
+ tptr += sizeof("Basic")-1;
+ /* decodeBase64() skips whitespace itself */
+ decodeBase64(tptr);
+ authorized = check_user_passwd(urlcopy, tptr);
continue;
- tptr += sizeof("Basic")-1;
- /* decodeBase64() skips whitespace itself */
- decodeBase64(tptr);
- authorized = check_user_passwd(urlcopy, tptr);
- continue;
+ }
}
#endif
#if ENABLE_FEATURE_HTTPD_RANGES
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
