From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Thu, 17 Nov 2022 23:21:54 +0000 (-0600)
Subject: Deal with null SASL fields
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=069f6c3f176bf6a79b34ae2d76fb642f48d11854;p=thirdparty%2Ffreeradius-server.git

Deal with null SASL fields
---

diff --git a/src/lib/ldap/sasl.c b/src/lib/ldap/sasl.c
index 9a04e3fa431..3ab369efae6 100644
--- a/src/lib/ldap/sasl.c
+++ b/src/lib/ldap/sasl.c
@@ -87,21 +87,37 @@ static int _sasl_interact(UNUSED LDAP *handle, UNUSED unsigned flags, void *uctx
 
 		switch (cb_p->id) {
 		case SASL_CB_AUTHNAME:
+			/*
+			 *	For mechs like -Y EXTERNAL we don't have
+			 *	any information to provide to SASL.
+			 */
+			if (!sasl_ctx->identity) {
+			null_result:
+				cb_p->result = NULL;
+				cb_p->len;
+				break;
+			}
 			cb_p->result = sasl_ctx->identity;
 			cb_p->len = strlen(sasl_ctx->identity);
 			break;
 
 		case SASL_CB_PASS:
+			if (!sasl_ctx->password) goto null_result;
+
 			cb_p->result = sasl_ctx->password;
 			cb_p->len = strlen(sasl_ctx->password);
 			break;
 
 		case SASL_CB_USER:
+			if (!sasl_ctx->proxy && !sasl_ctx->identity) goto null_result;
+
 			cb_p->result = sasl_ctx->proxy ? sasl_ctx->proxy : sasl_ctx->identity;
 			cb_p->len = sasl_ctx->proxy ? strlen(sasl_ctx->proxy) : strlen(sasl_ctx->identity);
 			break;
 
 		case SASL_CB_GETREALM:
+			if (!sasl_ctx->realm) goto null_result;
+
 			cb_p->result = sasl_ctx->realm;
 			cb_p->len = strlen(sasl_ctx->realm);
 			break;