From: Magnus Hagander <magnus@hagander.net>
Date: Thu, 25 Jun 2009 11:30:12 +0000 (+0000)
Subject: Disallow empty passwords in LDAP authentication, the same way
X-Git-Tag: REL8_3_8~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e3eb8f6cc2f96855af33f4500a4f9e336ea6a3e3;p=postgresql

Disallow empty passwords in LDAP authentication, the same way
we already do it for PAM.
---

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 031a9d4f54..0c9fc850db 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.1 2008/07/24 17:52:02 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164.2.2 2009/06/25 11:30:12 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1457,6 +1457,13 @@ CheckLDAPAuth(Port *port)
 	if (passwd == NULL)
 		return STATUS_EOF;		/* client wouldn't send password */
 
+	if (strlen(passwd) == 0)
+	{
+		ereport(LOG,
+				(errmsg("empty password returned by client")));
+		return STATUS_ERROR;
+	}
+
 	ldap = ldap_init(server, ldapport);
 	if (!ldap)
 	{