Do not allow to set empty bind passwords to be set via AuthLDAPBindPassword

Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68
author: Ruediger Pluem <rpluem@apache.org> 2021-01-27 08:01:06 +0000
committer: Ruediger Pluem <rpluem@apache.org> 2021-01-27 08:01:06 +0000
commit: 3e4c918fba9fe8306eed1fcbdc19699af30e23b8 (patch)
tree: 2729f09fdfd7a0ac049418e424edb35f943a4c22 /modules/aaa
parent: 87fd23419c8f7cda920cc06f1e6acf87226220dd (diff)
download: httpd-3e4c918fba9fe8306eed1fcbdc19699af30e23b8.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 08f5fa1bc9..592c1ef3ed 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -1719,6 +1719,10 @@ static const char *set_bind_password(cmd_parms *cmd, void *_cfg, const char *arg
         sec->bindpw = (char *)arg;
     }
 
+    if (!(*sec->bindpw)) {
+        return "Empty passwords are invalid for AuthLDAPBindPassword";
+    }
+
     return NULL;
 }
author	Ruediger Pluem <rpluem@apache.org>	2021-01-27 08:01:06 +0000
committer	Ruediger Pluem <rpluem@apache.org>	2021-01-27 08:01:06 +0000
commit	3e4c918fba9fe8306eed1fcbdc19699af30e23b8 (patch)
tree	2729f09fdfd7a0ac049418e424edb35f943a4c22 /modules/aaa
parent	87fd23419c8f7cda920cc06f1e6acf87226220dd (diff)
download	httpd-3e4c918fba9fe8306eed1fcbdc19699af30e23b8.tar.gz