Closed negan07 closed 6 years ago
On the open-source part:
the kernel, modules, libs and drivers are identical.
Here are the differences in the target's readable files:
`diff -urN target48/target/usr/etc/bftpd.conf.sample target50/target/usr/etc/bftpd.conf.sample --- target48/target/usr/etc/bftpd.conf.sample 2017-03-27 18:59:55.000000000 +0200 +++ target50/target/usr/etc/bftpd.conf.sample 2017-06-23 13:44:49.000000000 +0200 @@ -281,8 +281,8 @@ directory "/" { ALLOWCOMMAND_DELE="no" ALLOWCOMMAND_STOR="no"
`diff -urN /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/bftpd-2.3/bftpd.fw.conf /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/bftpd-2.3/bftpd.fw.conf --- /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/bftpd-2.3/bftpd.fw.conf 2017-03-23 17:00:09.000000000 +0100 +++ /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/bftpd-2.3/bftpd.fw.conf 2017-06-22 15:33:12.000000000 +0200 @@ -281,8 +281,8 @@ directory "/" { ALLOWCOMMAND_DELE="no" ALLOWCOMMAND_STOR="no"
undef WANT_GZIP
endif
+extern int adminpwd_lan_protect ; +extern int adminpwd_wan_protect ; +extern int is_remote ; + int state = STATE_CONNECTED; char user[USERLEN + 1]; struct sockaddr_in sa; @@ -268,7 +272,15 @@ respond with code 230 'User logged in, proceed'. */ if (all_file_readable_writable()){ state = STATE_USER;
bftpd_login("");
if(((adminpwd_lan_protect == 1) && (is_remote==0))
||((adminpwd_wan_protect == 1) && (is_remote==1)))
{
control_printf(SL_SUCCESS, "331 Password please.");
}
else
{
bftpd_login("");
} / bftpd_login(""); / } else { @@ -320,6 +332,12 @@ }
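Review bot: The new condition fails open: any case it does not match, including an `is_remote` value other than 0 or 1, falls to the `else` and calls `bftpd_login("")`, the passwordless login. Whether `is_remote` can hold another value (for example before the peer has been classified) cannot be told from here, since the three variables are only declared `extern` in this diff. Treating everything that is not LAN as remote, `||((adminpwd_wan_protect == 1) && (is_remote != 0)))`, makes the password prompt the default for an unclassified peer. The enclosing function starts and ends outside the hunk.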
endif
endif
+/ It is a temp measure to fix issue that chrome can't response "331 password please" correctly/
if (password && (strcmp(password, "chrome@example.com") == 0)) {
control_printf(SL_FAILURE, "530 Login incorrect.");
state = STATE_CONNECTED;
}
if (bftpd_login(password)) { bftpd_log("Login as user '%s' failed.\n", user); control_printf(SL_FAILURE, "530 Login incorrect."); @@ -1540,6 +1558,13 @@ if (pre_write_script) run_script(pre_write_script, mapped);
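Review bot: The added `chrome@example.com` block sends 530 and resets `state`, but nothing ends the handler there, so the next statement still calls `bftpd_login(password)` with the same string. The client can then get a second reply to a single PASS command, and if that call were to succeed the session would be authenticated after being told the login failed. Leaving the handler inside the block, e.g. `return;` after `state = STATE_CONNECTED;` (the function's return type is outside the hunk), closes that path. Since the comment calls this a temporary measure, a `/* TODO: remove when <condition> */` would keep the hard-coded string from becoming permanent.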
// forbid mkdir in "/" or "/shares/" directory.
if (strlen(mapped) <= (strlen(dirname) + 8))
{
control_printf(SL_FAILURE, "451 Error: Unable to create directory.");
return;
}
if (mkdir(mapped, 0777)) { bftpd_log("Error: '%s' while trying to create directory '%s'.\n", strerror(errno), dirname); @@ -1693,6 +1718,15 @@ } / mapped = bftpd_cwd_mappath(strdup(strchr(params, ' ') + 1)); / mapped = bftpd_cwd_mappath(my_string);
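Review bot: The guard `strlen(mapped) <= (strlen(dirname) + 8)` infers where the directory would be created from string lengths, not from the path, so it matches the stated intent only when `dirname` is a single relative component. An absolute argument presumably maps to itself and is then always rejected, and the result for arguments with `..` segments depends on how `bftpd_cwd_mappath` normalises, which is not visible here. Checking `mapped` itself would say what is meant, documented with something like `/* reject unless mapped is at least two components below the root: /shares/<volume>/<dir> */`; the CHMOD check in the `@@ -1693,6 +1718,15 @@` hunk uses the same length test with `my_string`. Both early returns also leave `mapped` unreleased (the CHMOD one frees only `my_string`), which looks like a leak if `bftpd_cwd_mappath` allocates, and the MKD check runs only after `pre_write_script` has already been executed.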
// forbid chmod in "/" or "/shares/" directory.
if (strlen(mapped) <= (strlen(my_string) + 8))
{
free(my_string);
control_printf(SL_FAILURE, "550: An error occured on the server trying to CHMOD.");
return;
}
`diff -urN /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/dnrd-2.19/src/master.c /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/dnrd-2.19/src/master.c
--- /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/dnrd-2.19/src/master.c 2017-03-23 17:02:21.000000000 +0100
+++ /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/dnrd-2.19/src/master.c 2017-06-23 13:16:45.000000000 +0200
@@ -66,6 +66,8 @@
define NTGR_APPS_URL1 "www.netgear.com"
endif
+#define NTGR_APPS_URL_TEMP "http.updates1.netgear.com" + typedef struct _string { unsigned int code; char *string; @@ -481,7 +483,8 @@ if (( (access("/tmp/blank_state.out",F_OK)==0) || (access("/tmp/dnshj.out",F_OK)==0) || (access("/tmp/brs_hijack.out",F_OK)==0)) && do_hack_dns && (rec->type == DNS_NAMEIP) && //if (do_hack_dns && (rec->type == DNS_NAMEIP) &&
ifdef GUI_V14
diff -urN /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/dnrd-2.19/src/udp.c /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/dnrd-2.19/src/udp.c
--- /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/dnrd-2.19/src/udp.c 2017-03-23 17:02:21.000000000 +0100
+++ /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/dnrd-2.19/src/udp.c 2017-06-23 13:36:12.000000000 +0200
@@ -32,6 +32,7 @@
include
include
include
+#include
include "common.h"
include "relay.h"
include "cache.h"
@@ -65,6 +66,34 @@ } RR_t;
pragma pack(pop)
+#include
+static int print_console_func(const char *format, ...)
+{
if (access("/tmp/debug_dnrd_console", F_OK) == 0)
{ +#if 1 +#define CONSOLE "/dev/console"
static FILE* fp = NULL;
va_list arg;
if(fp == NULL)
{
fp = fopen(CONSOLE, "w");
if(fp == NULL)
{
printf("can't open %s \n", CONSOLE);
return 0;
}
}
va_start(arg, format);
vfprintf(fp, format, arg);
va_end(arg); +#endif
}
return 0; +}
int SYSTEM(const char *format, ...) { char buf[SYSTEM_BUF_SIZE]=""; @@ -379,6 +408,75 @@ }
ifdef GUI_V14
+#define ANSWER_IP_MAX 100 +char answer_ip[ANSWER_IP_MAX][32];
+/ get dns answer from reply pkts / +uint32_t get_answer_ip(char *data, int len, int answered_count) +{
int ret = 0;
RR_t dns_rr;
char *pt = data;
int i = 0, offset;
int parsered_count = 0, got_answered_count = 0;
uint32_t ret_ip = 0;
/ prepare data, eat dns query part /
while(*pt != 0)
pt ++;
pt = pt + 5;
while(i + sizeof(dns_rr) < len)
{
memcpy(&dns_rr, pt, sizeof(dns_rr));
parsered_count ++;
/ the answer is ipv4 address /
if(ntohs(dns_rr.rr_type) == 1)
{
if(i + sizeof(dns_rr) + 4 <= len)
{
pt = pt + sizeof(dns_rr);
memcpy(&ret_ip, pt, 4);
{
struct in_addr ip_ans;
ip_ans.s_addr = ret_ip;
strcpy(&answer_ip[got_answered_count ++][0], inet_ntoa(ip_ans));
print_console_func("get response %d: %s\n", answered_count, inet_ntoa(ip_ans));
if (got_answered_count >= ANSWER_IP_MAX)
{
print_console_func("no enough space\n");
break;
}
}
ret = 1;
if (parsered_count >= answered_count)
{
print_console_func("get all response\n");
break;
}
pt += 4;
}
//break;
}
else
{
offset = ntohs(dns_rr.rr_length) + sizeof(dns_rr);
if((i = i + offset) <= len)
{
/ Go to the next record /
pt = pt + offset;
}
}
}
return ret; +}
+#if 0 / get dns answer from reply pkts / uint32_t get_answer_ip(char *data, int len) { @@ -417,6 +515,7 @@ return ret_ip; }
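Review bot: `get_answer_ip` walks a DNS reply received from the network without tying `pt` to the buffer length: the `while(*pt != 0)` skip of the question name has no bound, and `i`, the only value compared with `len`, is advanced in the non-A branch only, while `pt` moves in both. When a type-1 record fails the `i + sizeof(dns_rr) + 4 <= len` test nothing advances and the loop does not terminate, and `i + sizeof(dns_rr) < len` is evaluated unsigned, so a negative `len` (the caller passes `len - 12`) passes it. Tracking an end pointer and checking every advance against it removes all three; the sketch below also requires `rr_length == 4` before copying an address and stops after `answered_count` records of any type. It keeps the existing assumption that each answer begins with the fixed-size `RR_t` header, whose layout is outside this hunk.

```c
    const char *end;
    size_t rdlen;

    if (len <= 0)
        return 0;
    end = data + len;

    /* skip the question name, never past the received bytes */
    while (pt < end && *pt != 0)
        pt++;
    if (end - pt < 5)   /* name terminator + QTYPE + QCLASS */
        return 0;
    pt += 5;

    while (got_answered_count < ANSWER_IP_MAX &&
           parsered_count < answered_count &&
           (size_t)(end - pt) >= sizeof(dns_rr))
    {
        memcpy(&dns_rr, pt, sizeof(dns_rr));
        pt += sizeof(dns_rr);
        rdlen = ntohs(dns_rr.rr_length);
        if ((size_t)(end - pt) < rdlen)
            break;      /* record claims more data than was received */
        parsered_count++;

        if (ntohs(dns_rr.rr_type) == 1 && rdlen == 4)
        {
            memcpy(&ret_ip, pt, 4);
            /* … unchanged: inet_ntoa into answer_ip[got_answered_count++], console log, ret = 1 … */
        }
        pt += rdlen;    /* advance by the record's own length in every case */
    }
    return ret;
```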
endif
+#endif
/*
int answerip_i = 0;
int ret = 0;
log_debug(3, "handling socket %i", q->sock); if ((len = reply_recv(q, msg, UDP_MAXSIZE)) < 0) @@ -527,7 +628,8 @@ { sprintf_cname(&msg[12], len-12, buf, 256);
if(strcmp(buf,"updates1.netgear.com")==0)
//if(strcmp(buf,"updates1.netgear.com")==0)
if(strcmp(buf,"updates1.netgear.com")==0 || strcmp(buf,"http.updates1.netgear.com")==0) { state = nvram_safe_get("config_state"); if( strcmp(state,"configured")==0 || strcmp(state,"blankstate")==0) @@ -544,6 +646,33 @@ */ struct in_addr ip_ans; char ip1[32] = "";
memset(&answer_ip[0][0], 0, sizeof(answer_ip));
ret = get_answer_ip(&msg[12], len - 12, ntohs(((dnsheader_t *)msg)->ancount));
if(ret)
{
for (answerip_i=0; answerip_i<ANSWER_IP_MAX; answerip_i++)
{
memset(ip1, 0, sizeof(ip1));
strcpy(ip1, &answer_ip[answerip_i][0]);
if(ip1[0] && strcmp(ip1,"66.114.62.22")!=0 &&
strcmp(ip1,"66.114.62.29")!=0 &&
strcmp(ip1,"174.35.24.133")!=0 &&
strcmp(ip1,"101.96.10.64")!=0)
{
for(group_id = group_sid; group_id <= group_eid; group_id ++)
{
{
SYSTEM("/usr/sbin/iptables -t nat -D PREROUTING -i group%d -d %s -p tcp --dport 80 -j RETURN", group_id, ip1);
SYSTEM("/usr/sbin/iptables -t nat -I PREROUTING -i group%d -d %s -p tcp --dport 80 -j RETURN", group_id, ip1);
}
}
}
}
} +/* ip_ans.s_addr = get_answer_ip(&msg[12], len - 12); if(ip_ans.s_addr != 0) { @@ -557,6 +686,7 @@ } } }
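Review bot: Every A record returned for a matching name becomes a `-j RETURN` rule in nat PREROUTING, and nothing in this hunk removes a rule once the address is no longer served, so the exemption list only grows. The addresses come from a plain UDP DNS reply and are checked only against the four hard-coded exclusions, so the port-80 destinations that skip the PREROUTING handling are whatever the most recent answers claimed. The loop also visits all `ANSWER_IP_MAX` slots; because the table is zeroed by the `memset` above and filled from index 0, `if (!ip1[0]) break;` at the top of the loop body would stop at the first empty slot and bound the number of `SYSTEM()` calls per reply. A comment such as `/* exemptions come from unauthenticated DNS answers; stale rules are flushed in <place> */` would record the trust assumption and where, if anywhere, the rules are cleared.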
/ / if(strcmp(ip2,"66.114.62.22")!=0 && strcmp(ip2,"66.114.62.29")!=0 && strcmp(ip2,ip1)!=0 && strcmp(ip2,"174.35.24.133")!=0) {`
`diff -urN /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/mini_httpd-1.17beta1/mini_httpd.c /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/mini_httpd-1.17beta1/mini_httpd.c --- /home/negan07/Desktop/D7000_V1.0.1.48_WW_src/Source/apps/mini_httpd-1.17beta1/mini_httpd.c 2017-03-27 17:13:40.000000000 +0200 +++ /home/negan07/Desktop/D7000_V1.0.1.50_WW_src/Source/apps/mini_httpd-1.17beta1/mini_httpd.c 2017-06-22 15:33:28.000000000 +0200 @@ -1458,8 +1458,8 @@ if( ((strstr(path,".gif")!=NULL) || (strstr(path,".css") !=NULL) || (strstr(path,".js") != NULL) || (strstr(path,".xml") != NULL) || (strstr(path,".jpg") != NULL))
@@ -2490,6 +2490,13 @@
+
+int is_usb_subdir_file(const char *dir) +{
+int is_symlink(char *buf) +{
+}
+int usb_subdir_is_symlink(char *buf) +{
static int is_readable(const char dir, const char name) { FILE *fp = NULL; char dir_a[2048]={0,}, auth[64];
user = usb_user_lookup(remote_ip); SC_CFPRINTF("####DEBUG dir=<%s>, name=<%s>\n",dir,name); if(*(dir+strlen(dir)-1) != '/')`