File: 14-CVE-2007-3193

phpwiki 1.3.12p3-5etch1
#! /bin/sh /usr/share/dpatch/dpatch-run
## Address CVE-2007-3193 by thijs@debian.org
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: CVE-2007-3193

@DPATCH@
diff -ur phpwiki-1.3.12p3.orig/lib/WikiUser/LDAP.php phpwiki-1.3.12p3/lib/WikiUser/LDAP.php
--- phpwiki-1.3.12p3.orig/lib/WikiUser/LDAP.php	2006-06-18 13:19:28.000000000 +0200
+++ phpwiki-1.3.12p3/lib/WikiUser/LDAP.php	2007-09-09 13:44:32.000000000 +0200
@@ -61,6 +61,11 @@
         if (!$this->_checkPassLength($submitted_password)) {
             return WIKIAUTH_FORBIDDEN;
         }
+        if (strlen($submitted_password) == 0) {
+            trigger_error(_("Empty password not allowed for LDAP"), E_USER_WARNING);
+            $this->_free();
+            return WIKIAUTH_FORBIDDEN;
+        }
         if (strstr($userid,'*')) {
             trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), 
                           E_USER_WARNING);
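Review bot: The new empty-password guard has no comment explaining why it exists, and a later cleanup could mistake it for a duplicate of the `_checkPassLength` test just above it. Directory servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind (RFC 4513 section 5.1.2) and may report success, so this guard is presumably the only thing keeping a blank password away from the bind further down, outside the hunk. I would put `// LDAP treats a bind with an empty password as unauthenticated and may report success; reject it before any ldap_bind() call.` directly above the `if`. Separately, the new branch calls `$this->_free()` before returning `WIKIAUTH_FORBIDDEN`, while the `_checkPassLength` branch returns without it. The method begins and ends outside the hunk, so it is worth confirming which of the two is the intended cleanup and making them match.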