From: Jo-Philipp Wich Date: Sat, 24 Apr 2010 11:07:41 +0000 (+0000) Subject: uhttpd: - ignore authentication realms that refer to user accounts with no password... X-Git-Tag: reboot~20108 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3df8df720a35269b0aa69d3cc4fd7288b5445aa0;p=openwrt%2Fstaging%2Fchunkeey.git uhttpd: - ignore authentication realms that refer to user accounts with no password set yet (X-Wrt compatibility) - fix off-by-one in CGI header parsing, fixes cgi programs that emit bad header lines (AsteriskGUI compatibility) - bump version SVN-Revision: 21121 --- diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile index 0f267be2af..0dcc6a900b 100644 --- a/package/uhttpd/Makefile +++ b/package/uhttpd/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uhttpd -PKG_RELEASE:=8 +PKG_RELEASE:=9 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) diff --git a/package/uhttpd/src/uhttpd-cgi.c b/package/uhttpd/src/uhttpd-cgi.c index 1a6c6ad4fe..855a72f569 100644 --- a/package/uhttpd/src/uhttpd-cgi.c +++ b/package/uhttpd/src/uhttpd-cgi.c @@ -68,7 +68,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off) if( (pos < len) && (buf[pos] == '\n') ) pos++; - if( pos < len ) + if( pos <= len ) { if( (hdrcount + 1) < array_size(res.headers) ) { diff --git a/package/uhttpd/src/uhttpd-utils.c b/package/uhttpd/src/uhttpd-utils.c index 96c0b82cda..caa6b12bc6 100644 --- a/package/uhttpd/src/uhttpd-utils.c +++ b/package/uhttpd/src/uhttpd-utils.c @@ -622,10 +622,14 @@ struct auth_realm * uh_auth_add(char *path, char *user, char *pass) min(strlen(pass), sizeof(new->pass) - 1)); } - uh_realm_count++; + if( new->pass[0] ) + { + uh_realm_count++; + return new; + } } - return new; + return NULL; } int uh_auth_check( diff --git a/package/uhttpd/src/uhttpd.c b/package/uhttpd/src/uhttpd.c index 9de77c814d..152e0b452a 100644 --- a/package/uhttpd/src/uhttpd.c +++ b/package/uhttpd/src/uhttpd.c @@ -71,8 +71,8 @@ static void uh_config_parse(const char *path) if( !uh_auth_add(line, user, pass) ) { fprintf(stderr, - "Can not manage more than %i basic auth realms, " - "will skip the rest\n", UH_LIMIT_AUTHREALMS + "Notice: No password set for user %s, ignoring " + "authentication on %s\n", user, line ); break;