From e1029524b657d97327a20c6f8f605ba6b3c4b3c1 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 29 Sep 2005 07:49:15 +0000
Subject: [PATCH] Refuse empty old and/or new passwords

---
 servers/slapd/passwd.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 3d63e447fe..e803148d5d 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -349,6 +349,15 @@ int slap_passwd_parse( struct berval *reqdata,
 			goto decoding_error;
 		}
 
+		if( oldpass->bv_len == 0 ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: OLD empty.\n",
+				0, 0, 0 );
+
+			*text = "old password value is empty";
+			rc = LDAP_UNWILLING_TO_PERFORM;
+			goto done;
+		}
+
 		tag = ber_peek_tag( ber, &len );
 	}
 
@@ -371,6 +380,15 @@ int slap_passwd_parse( struct berval *reqdata,
 			goto decoding_error;
 		}
 
+		if( newpass->bv_len == 0 ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_passwd_parse: NEW empty.\n",
+				0, 0, 0 );
+
+			*text = "new password value is empty";
+			rc = LDAP_UNWILLING_TO_PERFORM;
+			goto done;
+		}
+
 		tag = ber_peek_tag( ber, &len );
 	}
 
-- 
2.39.5