From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 29 Sep 2005 07:49:15 +0000 (+0000)
Subject: Refuse empty old and/or new passwords
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~359
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e1029524b657d97327a20c6f8f605ba6b3c4b3c1;p=openldap

Refuse empty old and/or new passwords
---

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 3d63e447fe..e803148d5d 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -349,6 +349,15 @@ int slap_passwd_parse( struct berval *reqdata,
 			goto decoding_error;
 		}
 
+		if( oldpass->bv_len == 0 ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD empty.\n",
+				0, 0, 0 );
+
+			*text = "old password value is empty";
+			rc = LDAP_UNWILLING_TO_PERFORM;
+			goto done;
+		}
+
 		tag = ber_peek_tag( ber, &len );
 	}
 
@@ -371,6 +380,15 @@ int slap_passwd_parse( struct berval *reqdata,
 			goto decoding_error;
 		}
 
+		if( newpass->bv_len == 0 ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW empty.\n",
+				0, 0, 0 );
+
+			*text = "new password value is empty";
+			rc = LDAP_UNWILLING_TO_PERFORM;
+			goto done;
+		}
+
 		tag = ber_peek_tag( ber, &len );
 	}