Do not allow to set empty bind passwords to be set via AuthLDAPBindPassword

Binds with empty passwords always succeed, but in case the password of the
user was not empty subsequent LDAP operations fail.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 08f5fa1bc97c894d651c98d998445f6a151503bc..592c1ef3ed81dcb80ab1c58d695968b88b78f984 100644 (file)
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -1719,6 +1719,10 @@ static const char *set_bind_password(cmd_parms *cmd, void *_cfg, const char *arg
         sec->bindpw = (char *)arg;
     }
 
+    if (!(*sec->bindpw)) {
+        return "Empty passwords are invalid for AuthLDAPBindPassword";
+    }
+
     return NULL;
 }