}
sent_pw = ap_pbase64decode(r->pool, auth_line);
+ if (sent_pw == NULL || *sent_pw == '\0') {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "empty passwords are not accepted");
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+
sent_name = ap_getword (r->pool, &sent_pw, ':');
/* do not allow user to override realm setting of server */
if (strchr(sent_name, '@')) {