Imported Upstream version 1.4.15upstream/1.4.15

author: Arno Töll <arno@debian.org> 2012-11-21 23:03:46 +0100
committer: Arno Töll <arno@debian.org> 2012-11-21 23:03:46 +0100
commit: 0f22664a8c9f92c8b7d5dd05772bacf7caecbd52 (patch)
tree: c85da4e4968e5ec69d6d154fa032672f45cb3e13 /src/http_auth.c
parent: 9fa7c3d770fb8688555b661940e04c3bf6b6d8aa (diff)
download: lighttpd-upstream/1.4.15.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/http_auth.c b/src/http_auth.c
index ae2560c..fc125cf 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -733,7 +733,8 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
 			}
 		}
 
-
+		if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0')
+			return -1;
 
 		/* build filter */
 		buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
@@ -828,7 +829,6 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
 	realm = (data_string *)array_get_element(req, "realm");
 
 	username = buffer_init();
-	password = buffer_init();
 
 	base64_decode(username, realm_str);
 
@@ -845,6 +845,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
 
 	username->used = pw - username->ptr;
 
+	password = buffer_init();
 	/* copy password to r1 */
 	if (http_auth_get_password(srv, p, username, realm->value, password)) {
 		buffer_free(username);
author	Arno Töll <arno@debian.org>	2012-11-21 23:03:46 +0100
committer	Arno Töll <arno@debian.org>	2012-11-21 23:03:46 +0100
commit	0f22664a8c9f92c8b7d5dd05772bacf7caecbd52 (patch)
tree	c85da4e4968e5ec69d6d154fa032672f45cb3e13 /src/http_auth.c
parent	9fa7c3d770fb8688555b661940e04c3bf6b6d8aa (diff)
download	lighttpd-upstream/1.4.15.tar.gz