Do not allow to set empty bind passwords to be set via AuthLDAPBindPassword Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68

commit: 3e4c918fba9fe8306eed1fcbdc19699af30e23b8 [log] [tgz]
author: Ruediger Pluem <rpluem@apache.org> Wed Jan 27 08:01:06 2021 +0000
committer: Ruediger Pluem <rpluem@apache.org> Wed Jan 27 08:01:06 2021 +0000
tree: 2729f09fdfd7a0ac049418e424edb35f943a4c22
parent: 87fd23419c8f7cda920cc06f1e6acf87226220dd [diff]
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 08f5fa1..592c1ef 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c

@@ -1719,6 +1719,10 @@
         sec->bindpw = (char *)arg;
     }
 
+    if (!(*sec->bindpw)) {
+        return "Empty passwords are invalid for AuthLDAPBindPassword";
+    }
+
     return NULL;
 }
commit	3e4c918fba9fe8306eed1fcbdc19699af30e23b8	[log] [tgz]
author	Ruediger Pluem <rpluem@apache.org>	Wed Jan 27 08:01:06 2021 +0000
committer	Ruediger Pluem <rpluem@apache.org>	Wed Jan 27 08:01:06 2021 +0000
tree	2729f09fdfd7a0ac049418e424edb35f943a4c22
parent	87fd23419c8f7cda920cc06f1e6acf87226220dd [diff]