From 9c6142dbbff91d160e8e457ce1e865973d825215 Mon Sep 17 00:00:00 2001 From: Varun Patil Date: Thu, 30 Nov 2023 23:11:34 -0800 Subject: [PATCH 1/2] server: prevent crash on blank DN bind --- lib/server.js | 2 +- test/server.test.js | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/server.js b/lib/server.js index 6ee72b28..059de947 100644 --- a/lib/server.js +++ b/lib/server.js @@ -854,11 +854,11 @@ Server.prototype._getHandlerChain = function _getHandlerChain (req) { } // Otherwise, match via DN rules - assert.ok(req.dn) const keys = this._sortedRouteKeys() let fallbackHandler = [noSuffixHandler] // invalid DNs in non-strict mode are routed to the default handler const testDN = (typeof (req.dn) === 'string') ? DN.fromString(req.dn) : req.dn + assert.ok(testDN) for (let i = 0; i < keys.length; i++) { const suffix = keys[i] diff --git a/test/server.test.js b/test/server.test.js index d9339990..35c8230e 100644 --- a/test/server.test.js +++ b/test/server.test.js @@ -257,6 +257,27 @@ tap.test('bind/unbind identity anonymous', function (t) { }) }) +tap.test('does not crash on empty DN values', function (t) { + const server = ldap.createServer({ + connectionRouter: function (c) { + server.newConnection(c) + server.emit('testconnection', c) + } + }) + + server.listen(t.context.sock, function () { + const client = ldap.createClient({ socketPath: t.context.sock }) + server.once('testconnection', () => { + client.bind('', 'pw', function (err) { + t.ok(err, 'blank bind dn throws error') + client.unbind(function () { + server.close(() => t.end()) + }) + }) + }) + }) +}) + tap.test('bind/unbind identity user', function (t) { const server = ldap.createServer({ connectionRouter: function (c) { From b86c493e7bbec6ae1d639951158645e1515467d7 Mon Sep 17 00:00:00 2001 From: James Sumners Date: Fri, 1 Dec 2023 09:20:59 -0500 Subject: [PATCH 2/2] v3.0.7 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7a953f61..e814f0ee 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "name": "ldapjs", "homepage": "http://ldapjs.org", "description": "LDAP client and server APIs", - "version": "3.0.6", + "version": "3.0.7", "license": "MIT", "repository": { "type": "git",