From c8f3b2fbdd124d0e2be31b27263b224bc4674e09 Mon Sep 17 00:00:00 2001
From: kouril
Date: Thu, 5 Feb 2004 14:05:50 +0000
Subject: [PATCH] don't accept empty passwords

---
 src/mod_auth_kerb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 5a1f627..edd5ab0 100644
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -651,6 +651,13 @@ int authenticate_user_krb5pwd(request_rec *r,
 }
 
 sent_pw = ap_pbase64decode(r->pool, auth_line);
+ if (sent_pw == NULL || *sent_pw == '\0') {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "empty passwords are not accepted");
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+
 sent_name = ap_getword (r->pool, &sent_pw, ':');
 /* do not allow user to override realm setting of server */
 if (strchr(sent_name, '@')) {
-- 
2.1.4
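Review bot: The added guard tests `sent_pw` before `ap_getword` splits it at `':'`, so at that point it still holds the whole decoded `name:password` value and only a completely empty credential is rejected. A credential of the form `name:` is non-empty here and leaves `sent_pw` empty only after the split, so it passes this check despite the log message saying empty passwords are not accepted. Placing the test after `sent_name = ap_getword (r->pool, &sent_pw, ':');`, with the same condition `if (sent_pw == NULL || *sent_pw == '\0') {`, would match the stated intent. The body of authenticate_user_krb5pwd starts and ends outside the hunk, so a later check on the password may exist that is not visible here.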