make pw_encrypt() return malloc'ed string.

text data bss dec hex filename 759802 604 6684 767090 bb472 busybox_old 759804 604 6676 767084 bb46c busybox_unstripped
author: Denis Vlasenko <vda.linux@googlemail.com> 2008-06-12 16:56:52 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2008-06-12 16:56:52 +0000
commit: fdddab0c61c55c25d4218d4370e2b16a7936a794 (patch)
tree: bf93480018a52ab051189222248b6d04af98d7d4 /networking/httpd.c
parent: 4ea83bf562c44a6792e7c77e7d87cba91f86f763 (diff)
download: busybox-fdddab0c61c55c25d4218d4370e2b16a7936a794.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 78c6f4d1d..352a97d3c 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1721,7 +1721,6 @@ static int checkPerm(const char *path, const char *request)
 			}
 
 			if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
-				char *cipher;
 				char *pp;
 
 				if (strncmp(p, request, u - request) != 0) {
@@ -1732,9 +1731,10 @@ static int checkPerm(const char *path, const char *request)
 				if (pp && pp[1] == '$' && pp[2] == '1'
 				 && pp[3] == '$' && pp[4]
 				) {
-					pp++;
-					cipher = pw_encrypt(u+1, pp, 1);
-					if (strcmp(cipher, pp) == 0)
+					char *encrypted = pw_encrypt(u+1, ++pp, 1);
+					int r = strcmp(encrypted, pp);
+					free(encrypted);
+					if (r == 0)
 						goto set_remoteuser_var;   /* Ok */
 					/* unauthorized */
 					continue;
author	Denis Vlasenko <vda.linux@googlemail.com>	2008-06-12 16:56:52 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2008-06-12 16:56:52 +0000
commit	fdddab0c61c55c25d4218d4370e2b16a7936a794 (patch)
tree	bf93480018a52ab051189222248b6d04af98d7d4 /networking/httpd.c
parent	4ea83bf562c44a6792e7c77e7d87cba91f86f763 (diff)
download	busybox-fdddab0c61c55c25d4218d4370e2b16a7936a794.tar.gz