[git commit] httpd: pass authorization header to CGI if not Basic

Denys Vlasenko vda.linux at googlemail.com
Thu Apr 18 08:06:39 UTC 2019


commit: https://git.busybox.net/busybox/commit/?id=049670fbbe8022e0e38909aa3de189c06e34ad7d
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Pass the Authorization header to CGI if not of type Basic. This will
make it possible for CGI to verify authorization headers of type
Bearer <token>.

function                                             old     new   delta
handle_incoming_and_exit                            2370    2379      +9

Signed-off-by: Alexander Vickberg <wickbergster at gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/httpd.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/networking/httpd.c b/networking/httpd.c
index 0f4f22669..0b5d2b481 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2384,7 +2384,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 				bb_error_msg("header: '%s'", iobuf);
 #if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
 			/* Try and do our best to parse more lines */
-			if ((STRNCASECMP(iobuf, "Content-Length:") == 0)) {
+			if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
 				/* extra read only for POST */
 				if (prequest != request_GET
 # if ENABLE_FEATURE_HTTPD_CGI
@@ -2410,13 +2410,13 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 				 * "<user>:<passwd>" is base64 encoded.
 				 */
 				tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
-				if (STRNCASECMP(tptr, "Basic") != 0)
+				if (STRNCASECMP(tptr, "Basic") == 0) {
+					tptr += sizeof("Basic")-1;
+					/* decodeBase64() skips whitespace itself */
+					decodeBase64(tptr);
+					authorized = check_user_passwd(urlcopy, tptr);
 					continue;
-				tptr += sizeof("Basic")-1;
-				/* decodeBase64() skips whitespace itself */
-				decodeBase64(tptr);
-				authorized = check_user_passwd(urlcopy, tptr);
-				continue;
+				}
 			}
 #endif
 #if ENABLE_FEATURE_HTTPD_RANGES


More information about the busybox-cvs mailing list