summaryrefslogtreecommitdiff
path: root/networking
diff options
context:
space:
mode:
authorAlexander Vickberg2019-04-18 10:05:53 +0200
committerDenys Vlasenko2019-04-18 10:06:39 +0200
commit049670fbbe8022e0e38909aa3de189c06e34ad7d (patch)
treef594a93686a905572a89404e53484ca29186dd55 /networking
parent210b52476c86fb8411f6b0fd12d4e76875c474e5 (diff)
downloadbusybox-049670fbbe8022e0e38909aa3de189c06e34ad7d.zip
busybox-049670fbbe8022e0e38909aa3de189c06e34ad7d.tar.gz
httpd: pass authorization header to CGI if not Basic
Pass the Authorization header to CGI if not of type Basic. This will make it possible for CGI to verify authorization headers of type Bearer <token>. function old new delta handle_incoming_and_exit 2370 2379 +9 Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking')
-rw-r--r--networking/httpd.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 0f4f226..0b5d2b4 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2384,7 +2384,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
bb_error_msg("header: '%s'", iobuf);
#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
/* Try and do our best to parse more lines */
- if ((STRNCASECMP(iobuf, "Content-Length:") == 0)) {
+ if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
/* extra read only for POST */
if (prequest != request_GET
# if ENABLE_FEATURE_HTTPD_CGI
@@ -2410,13 +2410,13 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
* "<user>:<passwd>" is base64 encoded.
*/
tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
- if (STRNCASECMP(tptr, "Basic") != 0)
+ if (STRNCASECMP(tptr, "Basic") == 0) {
+ tptr += sizeof("Basic")-1;
+ /* decodeBase64() skips whitespace itself */
+ decodeBase64(tptr);
+ authorized = check_user_passwd(urlcopy, tptr);
continue;
- tptr += sizeof("Basic")-1;
- /* decodeBase64() skips whitespace itself */
- decodeBase64(tptr);
- authorized = check_user_passwd(urlcopy, tptr);
- continue;
+ }
}
#endif
#if ENABLE_FEATURE_HTTPD_RANGES