httpd: pass authorization header to CGI if not Basic

Pass the Authorization header to CGI if not of type Basic. This will make it possible for CGI to verify authorization headers of type Bearer <token>. function old new delta handle_incoming_and_exit 2370 2379 +9 Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-04-18 10:05:53 +02:00 · 2019-04-18 10:05:53 +02:00 · 049670fbbe
commit 049670fbbe
parent 210b52476c
1 changed files with 7 additions and 7 deletions
--- a/networking/httpd.c
+++ b/networking/httpd.c
@ -2384,7 +2384,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 				bb_error_msg("header: '%s'", iobuf);
 #if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
 			/* Try and do our best to parse more lines */
-			if ((STRNCASECMP(iobuf, "Content-Length:") == 0)) {
+			if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
 				/* extra read only for POST */
 				if (prequest != request_GET
 # if ENABLE_FEATURE_HTTPD_CGI
@ -2410,13 +2410,13 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 				 * "<user>:<passwd>" is base64 encoded.
 				 */
 				tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
-				if (STRNCASECMP(tptr, "Basic") != 0)
+				if (STRNCASECMP(tptr, "Basic") == 0) {
+					tptr += sizeof("Basic")-1;
+					/* decodeBase64() skips whitespace itself */
+					decodeBase64(tptr);
+					authorized = check_user_passwd(urlcopy, tptr);
 					continue;
-				tptr += sizeof("Basic")-1;
-				/* decodeBase64() skips whitespace itself */
-				decodeBase64(tptr);
-				authorized = check_user_passwd(urlcopy, tptr);
-				continue;
+				}
 			}
 #endif
 #if ENABLE_FEATURE_HTTPD_RANGES