Google Git
Sign in
apache / httpd / ec1d14ccf6d4f8061f3aea0f4d9870f5c445f5c9
commitec1d14ccf6d4f8061f3aea0f4d9870f5c445f5c9[log] [tgz]
authorRuediger Pluem <rpluem@apache.org>Wed Jan 27 08:08:56 2021 +0000
committerRuediger Pluem <rpluem@apache.org>Wed Jan 27 08:08:56 2021 +0000
treede0043fc4b32e7120b500b4b646bfa7db953d6b9
parent3e4c918fba9fe8306eed1fcbdc19699af30e23b8 [diff]
Before doing any bind check that the provided username is not NULL and that the
password is neither NULL nor empty.

Binds with empty passwords always succeed, but in case the password of the
user was not empty subsequent LDAP operations fail.
This causes authentications that use user supplied credentials
(AuthLDAPInitialBindAsUser set to on) to fail with status code 500 instead of
401 if the user supplied an empty password.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885940 13f79535-47bb-0310-9956-ffa450edef68
1 file changed
tree: de0043fc4b32e7120b500b4b646bfa7db953d6b9
  1. build/
  2. changes-entries/
  3. docs/
  4. include/
  5. modules/
  6. os/
  7. server/
  8. srclib/
  9. support/
  10. test/
  11. .gdbinit
  12. .gitignore
  13. .travis.yml
  14. ABOUT_APACHE
  15. acinclude.m4
  16. ap.d
  17. Apache-apr2.dsw
  18. Apache.dsw
  19. apache_probes.d
  20. BuildAll.dsp
  21. BuildBin.dsp
  22. buildconf
  23. CHANGES
  24. CMakeLists.txt
  25. config.layout
  26. configure.in
  27. emacs-style
  28. httpd.dsp
  29. INSTALL
  30. InstallBin.dsp
  31. LAYOUT
  32. libapreq.dsp
  33. libhttpd.dsp
  34. LICENSE
  35. Makefile.in
  36. Makefile.win
  37. NOTICE
  38. NWGNUmakefile
  39. README
  40. README.CHANGES
  41. README.cmake
  42. README.platforms
  43. ROADMAP
  44. STATUS
  45. VERSIONING