Refuse empty old and/or new passwords

author Kurt Zeilenga <kurt@openldap.org>

Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c

index 3d63e447fe2bf3bc7113e3102aa834c0c8ccfb8d..e803148d5d881d6f2e63bc93e4ebfc2e431936e6 100644 (file)
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -349,6 +349,15 @@ int slap_passwd_parse( struct berval *reqdata,
                         goto decoding_error;
                 }
  
+               if( oldpass->bv_len == 0 ) {
+                       Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD empty.\n",
+                               0, 0, 0 );
+
+                       *text = "old password value is empty";
+                       rc = LDAP_UNWILLING_TO_PERFORM;
+                       goto done;
+               }
+
                 tag = ber_peek_tag( ber, &len );
         }
  
@@ -371,6 +380,15 @@ int slap_passwd_parse( struct berval *reqdata,
                         goto decoding_error;
                 }
  
+               if( newpass->bv_len == 0 ) {
+                       Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW empty.\n",
+                               0, 0, 0 );
+
+                       *text = "new password value is empty";
+                       rc = LDAP_UNWILLING_TO_PERFORM;
+                       goto done;
+               }
+
                 tag = ber_peek_tag( ber, &len );
         }
author	Kurt Zeilenga <kurt@openldap.org>
	Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Thu, 29 Sep 2005 07:49:15 +0000 (07:49 +0000)