From: Marco Bettini
Date: Wed, 9 Oct 2024 07:51:35 +0000 (+0000)
Subject: lib-ldap: ldap_connection_setup() - Check also for empty strings
X-Git-Tag: 2.4.0~135
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=48ab52422aa798c083c5ced1b54c46808200771e;p=thirdparty%2Fdovecot%2Fcore.git
lib-ldap: ldap_connection_setup() - Check also for empty strings
---
diff --git a/src/lib-ldap/ldap-connection.c b/src/lib-ldap/ldap-connection.c
index a6c8b984cb..7a886675de 100644
--- a/src/lib-ldap/ldap-connection.c
+++ b/src/lib-ldap/ldap-connection.c
@@ -79,7 +79,7 @@ int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTFILE, conn->ssl_set.ca.path);
 }
- if (conn->ssl_set.ca_dir != NULL)
+ if (conn->ssl_set.ca_dir != NULL && conn->ssl_set.ca_dir[0] != '\0')
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTDIR, conn->ssl_set.ca_dir);
 #ifdef LDAP_OPT_X_TLS_CERT
@@ -88,14 +88,14 @@ int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
 if (conn->ssl_set.cert.key.content != NULL)
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.cert.key.content);
 #endif
- if (conn->ssl_set.cipher_list != NULL) {
+ if (conn->ssl_set.cipher_list != NULL && conn->ssl_set.cipher_list[0] != '\0') {
 /* NOTE: OpenLDAP's CIPHER_SUITE is actually using OpenSSL's cipher_list, not ciphersuites. */
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CIPHER_SUITE, conn->ssl_set.cipher_list);
 }
- if (conn->ssl_set.min_protocol != NULL)
+ if (conn->ssl_set.min_protocol != NULL && conn->ssl_set.min_protocol[0] != '\0')
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_PROTOCOL_MIN, conn->ssl_set.min_protocol);
- if (conn->ssl_set.curve_list != NULL)
+ if (conn->ssl_set.curve_list != NULL && conn->ssl_set.curve_list[0] != '\0')
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_ECNAME, conn->ssl_set.curve_list);
 opt = conn->set.debug_level;
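Review bot: The `ldap_set_option()` call for `LDAP_OPT_X_TLS_CACERTDIR` still discards its return value, so a CA directory that the library rejects would leave the connection on libldap's default trust settings with nothing reported to the caller. ldap_connection_setup() already takes `error_r`, so the result could be compared with `LDAP_OPT_SUCCESS` and the failure returned through it; the same holds for the cipher, protocol and curve calls in the second hunk. The guard around `LDAP_OPT_X_TLS_CACERTFILE` lies outside this hunk, so whether `ca.path` gets the same empty-string test cannot be seen here. The function body starts and ends outside the hunk.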
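Review bot: `LDAP_OPT_X_TLS_PROTOCOL_MIN` is given `conn->ssl_set.min_protocol`, which the new `[0] != '\0'` test shows to be a string, while ldap_set_option(3) documents that option's argument as `const int *`; if so, OpenLDAP reads the first bytes of the string as the version number and the minimum TLS version actually enforced is not the configured one. The setting should be translated to one of the `LDAP_OPT_X_TLS_PROTOCOL_*` integers and passed by address, with an unknown value rejected through `error_r`. Separately, the `cert.key.content` guard just above keeps its NULL-only test, so an empty key setting would still reach `LDAP_OPT_X_TLS_KEYFILE`; `if (conn->ssl_set.cert.key.content != NULL && conn->ssl_set.cert.key.content[0] != '\0')` would match the rest of the commit. The function body extends outside the hunk.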
@@ -157,7 +157,7 @@ int ldap_connection_init(struct ldap_client *client, const struct ldap_client_settings *set, struct ldap_connection **conn_r, const char **error_r)
 {
- i_assert(set->uris != NULL);
+ i_assert(set->uris != NULL && set->uris[0] != '\0');
 if (set->require_ssl && !set->starttls &&