Hi all,
Attached is a small patch to mod_authnz_ldap.c to move the checking of two
variables so that a) they are are checked before being used and b) checked
before actually going through the trouble of trying to get an LDAP
connection only to close it if the variable is NULL.
Hope this is helpful.
Kean
Index: mod_authnz_ldap.c
===================================================================
--- mod_authnz_ldap.c (revision 1558682)
+++ mod_authnz_ldap.c (working copy)
@@ -496,6 +496,19 @@
return AUTH_GENERAL_ERROR;
}
+ /* Get the password that the client sent */
+ if (password == NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01692)
+ "auth_ldap authenticate: no password specified");
+ return AUTH_GENERAL_ERROR;
+ }
+
+ if (user == NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01693)
+ "auth_ldap authenticate: no user specified");
+ return AUTH_GENERAL_ERROR;
+ }
+
/* There is a good AuthLDAPURL, right? */
if (sec->host) {
const char *binddn = sec->binddn;
@@ -518,21 +531,6 @@
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01691)
"auth_ldap authenticate: using URL %s", sec->url);
- /* Get the password that the client sent */
- if (password == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01692)
- "auth_ldap authenticate: no password specified");
- util_ldap_connection_close(ldc);
- return AUTH_GENERAL_ERROR;
- }
-
- if (user == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01693)
- "auth_ldap authenticate: no user specified");
- util_ldap_connection_close(ldc);
- return AUTH_GENERAL_ERROR;
- }
-
/* build the username filter */
authn_ldap_build_filter(filtbuf, r, user, NULL, sec);
