projects
/
mod_auth_kerb.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
efa6775
)
don't accept empty passwords
author
kouril
<kouril>
Thu, 5 Feb 2004 14:05:50 +0000
(14:05 +0000)
committer
kouril
<kouril>
Thu, 5 Feb 2004 14:05:50 +0000
(14:05 +0000)
src/mod_auth_kerb.c
patch
|
blob
|
history
diff --git
a/src/mod_auth_kerb.c
b/src/mod_auth_kerb.c
index
5a1f627
..
edd5ab0
100644
(file)
--- a/
src/mod_auth_kerb.c
+++ b/
src/mod_auth_kerb.c
@@
-651,6
+651,13
@@
int authenticate_user_krb5pwd(request_rec *r,
}
sent_pw = ap_pbase64decode(r->pool, auth_line);
}
sent_pw = ap_pbase64decode(r->pool, auth_line);
+ if (sent_pw == NULL || *sent_pw == '\0') {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "empty passwords are not accepted");
+ ret = HTTP_UNAUTHORIZED;
+ goto end;
+ }
+
sent_name = ap_getword (r->pool, &sent_pw, ':');
/* do not allow user to override realm setting of server */
if (strchr(sent_name, '@')) {
sent_name = ap_getword (r->pool, &sent_pw, ':');
/* do not allow user to override realm setting of server */
if (strchr(sent_name, '@')) {