server: prevent crash on blank DN bind

req.dn used to be parsed, now it's a string. This causes the server to crash because the assertion error cannot be trapped Signed-off-by: Varun Patil <radialapps@gmail.com>
ldapjs · Nov 28, 2023 · 3a862d7 · 3a862d7
1 parent 6ceef13
commit 3a862d7
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/lib/server.js b/lib/server.js
@@ -854,11 +854,11 @@ Server.prototype._getHandlerChain = function _getHandlerChain (req) {
   }
 
   // Otherwise, match via DN rules
-  assert.ok(req.dn)
   const keys = this._sortedRouteKeys()
   let fallbackHandler = [noSuffixHandler]
   // invalid DNs in non-strict mode are routed to the default handler
   const testDN = (typeof (req.dn) === 'string') ? DN.fromString(req.dn) : req.dn
+  assert.ok(testDN)
 
   for (let i = 0; i < keys.length; i++) {
     const suffix = keys[i]

diff --git a/test/server.test.js b/test/server.test.js
@@ -250,7 +250,18 @@ tap.test('bind/unbind identity anonymous', function (t) {
         client.unbind(function (err) {
           t.error(err, 'client anon unbind error')
           t.ok(anonDN.equals(c.ldap.bindDN), 'anon unbind dn is correct')
-          server.close(() => t.end())
+
+          // blank bind dn but non-blank password
+          const client2 = ldap.createClient({ socketPath: t.context.sock })
+          client2.bind('', 'pw', function (err) {
+            t.error(err, 'client anon bind with credentials error')
+            t.ok(anonDN.equals(c.ldap.bindDN), 'anon bind with credentials dn is correct')
+            client2.unbind(function (err) {
+              t.error(err, 'client anon  with credentials unbind error')
+              t.ok(anonDN.equals(c.ldap.bindDN), 'anon unbind with credentials dn is correct')
+              server.close(() => t.end())
+            })
+          })
         })
       })
     })