uhttpd: - ignore authentication realms that refer to user accounts with no password set yet (X-Wrt compatibility) - fix off-by-one in CGI header parsing, fixes cgi programs that emit bad header lines (AsteriskGUI compatibility) - bump version

SVN-Revision: 21121

package/uhttpd/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 

package/uhttpd/src/uhttpd-cgi.c

@@ -68,7 +68,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
 				if( (pos < len) && (buf[pos] == '\n') )
 					pos++;
 
-				if( pos < len )
+				if( pos <= len )
 				{
 					if( (hdrcount + 1) < array_size(res.headers) )
 					{

package/uhttpd/src/uhttpd-utils.c

@@ -622,10 +622,14 @@ struct auth_realm * uh_auth_add(char *path, char *user, char *pass)
 				min(strlen(pass), sizeof(new->pass) - 1));
 		}
 
-		uh_realm_count++;
+		if( new->pass[0] )
+		{
+			uh_realm_count++;
+			return new;
+		}
 	}
 
-	return new;
+	return NULL;
 }
 
 int uh_auth_check(

package/uhttpd/src/uhttpd.c

@@ -71,8 +71,8 @@ static void uh_config_parse(const char *path)
 				if( !uh_auth_add(line, user, pass) )
 				{
 					fprintf(stderr,
-						"Can not manage more than %i basic auth realms, "
-						"will skip the rest\n", UH_LIMIT_AUTHREALMS
+						"Notice: No password set for user %s, ignoring "
+						"authentication on %s\n", user, line
 					);
 
 					break;