Check for zero length passwords in LDAP module. (#3827)

author: Mateusz Hromada <ruandus@gmail.com> 2016-12-21 09:43:37 +0100
committer: 无闻 <u@gogs.io> 2016-12-21 03:43:37 -0500
commit: 2cfdce88e0b66bc6d6a52507ab682be76289aa6f (patch)
tree: f5acd6d198abfef01a842336e955e17f87aa1776 /modules/auth/ldap/ldap.go
parent: ca6cbb95cc8af4216a457f5940e1d5bf756723c2 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index cb50fceb..f6feb07a 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -150,6 +150,11 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
 func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
+	// See https://tools.ietf.org/search/rfc4513#section-5.1.2
+	if len(passwd) == 0 {
+		log.Debug("Auth. failed for %s, password cannot be empty")
+		return "", "", "", "", false, false
+	}
 	l, err := dial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
author	Mateusz Hromada <ruandus@gmail.com>	2016-12-21 09:43:37 +0100
committer	无闻 <u@gogs.io>	2016-12-21 03:43:37 -0500
commit	2cfdce88e0b66bc6d6a52507ab682be76289aa6f (patch)
tree	f5acd6d198abfef01a842336e955e17f87aa1776 /modules/auth/ldap/ldap.go
parent	ca6cbb95cc8af4216a457f5940e1d5bf756723c2 (diff)