diff options
author | Ruediger Pluem <rpluem@apache.org> | 2021-01-27 08:01:06 +0000 |
---|---|---|
committer | Ruediger Pluem <rpluem@apache.org> | 2021-01-27 08:01:06 +0000 |
commit | 3e4c918fba9fe8306eed1fcbdc19699af30e23b8 (patch) | |
tree | 2729f09fdfd7a0ac049418e424edb35f943a4c22 /modules/aaa | |
parent | 87fd23419c8f7cda920cc06f1e6acf87226220dd (diff) | |
download | httpd-3e4c918fba9fe8306eed1fcbdc19699af30e23b8.tar.gz |
Do not allow to set empty bind passwords to be set via AuthLDAPBindPassword
Binds with empty passwords always succeed, but in case the password of the
user was not empty subsequent LDAP operations fail.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/aaa')
-rw-r--r-- | modules/aaa/mod_authnz_ldap.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index 08f5fa1bc9..592c1ef3ed 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -1719,6 +1719,10 @@ static const char *set_bind_password(cmd_parms *cmd, void *_cfg, const char *arg sec->bindpw = (char *)arg; } + if (!(*sec->bindpw)) { + return "Empty passwords are invalid for AuthLDAPBindPassword"; + } + return NULL; } |