From: kouril
Date: Thu, 5 Feb 2004 14:05:50 +0000 (+0000)
Subject: don't accept empty passwords
X-Git-Tag: v5.0-rc5~24
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.cvs%2F.git;a=commitdiff_plain;h=c8f3b2fbdd124d0e2be31b27263b224bc4674e09

don't accept empty passwords
---
diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 5a1f627..edd5ab0 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -651,6 +651,13 @@ int authenticate_user_krb5pwd(request_rec *r,
 }
 sent_pw = ap_pbase64decode(r->pool, auth_line);
+ if (sent_pw == NULL || *sent_pw == '\0') {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "empty passwords are not accepted");
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+
 sent_name = ap_getword (r->pool, &sent_pw, ':');
 /* do not allow user to override realm setting of server */
 if (strchr(sent_name, '@')) {
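Review bot: The added emptiness check runs before `sent_name = ap_getword (r->pool, &sent_pw, ':');`, so at that point `sent_pw` still holds the whole decoded `name:password` value, not the password. A credential with a user name and nothing after the colon is non-empty there and passes the check, so the empty password would still reach whatever verification follows outside the hunk. Moving the `if (sent_pw == NULL || *sent_pw == '\0')` block to just after the `ap_getword` call would test the password part itself, since `ap_getword` advances `sent_pw` past the `:`. The body of authenticate_user_krb5pwd starts and ends outside the hunk, so the `end:` label and the later use of `sent_pw` are not visible here.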