From 71a35bb30cee4fa7231ea250813d96b1af112d55 Mon Sep 17 00:00:00 2001
From: mha
Date: Thu, 25 Jun 2009 11:30:08 +0000
Subject: [PATCH] Disallow empty passwords in LDAP authentication, the same way we already do it for PAM.
---
 src/backend/libpq/auth.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 5c223d347b..fc184e1fe4 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2066,6 +2066,13 @@ CheckLDAPAuth(Port *port)
 if (passwd == NULL)
 return STATUS_EOF; /* client wouldn't send password */
 
+ if (strlen(passwd) == 0)
+ {
+ ereport(LOG,
+ (errmsg("empty password returned by client")));
+ return STATUS_ERROR;
+ }
+
 ldap = ldap_init(port->hba->ldapserver, port->hba->ldapport);
 if (!ldap)
 {
--
2.11.4.GIT
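Review bot: The added `strlen(passwd) == 0` check in CheckLDAPAuth has no comment saying why an empty password must be rejected before `ldap_init`, and the reason is not obvious from the code. An LDAP simple bind with a user DN and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which many directory servers report as success. I would put `/* Reject empty passwords: an LDAP simple bind with an empty password is an unauthenticated bind that many servers accept. */` above the check so the guard is not later removed as redundant. The log line would also help when looking for probing if it named the role, for example `errmsg("empty password returned by client for user \"%s\"", port->user_name)`, assuming the PAM message it mirrors is adjusted to match. CheckLDAPAuth starts and ends outside the hunk, so the bind call itself is not visible here.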