From 9c6142dbbff91d160e8e457ce1e865973d825215 Mon Sep 17 00:00:00 2001
From: Varun Patil <radialapps@gmail.com>
Date: Thu, 30 Nov 2023 23:11:34 -0800
Subject: [PATCH] server: prevent crash on blank DN bind

---
 lib/server.js       |  2 +-
 test/server.test.js | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/lib/server.js b/lib/server.js
index 6ee72b2..059de94 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -854,11 +854,11 @@ Server.prototype._getHandlerChain = function _getHandlerChain (req) {
   }
 
   // Otherwise, match via DN rules
-  assert.ok(req.dn)
   const keys = this._sortedRouteKeys()
   let fallbackHandler = [noSuffixHandler]
   // invalid DNs in non-strict mode are routed to the default handler
   const testDN = (typeof (req.dn) === 'string') ? DN.fromString(req.dn) : req.dn
+  assert.ok(testDN)
 
   for (let i = 0; i < keys.length; i++) {
     const suffix = keys[i]
diff --git a/test/server.test.js b/test/server.test.js
index d933999..35c8230 100644
--- a/test/server.test.js
+++ b/test/server.test.js
@@ -257,6 +257,27 @@ tap.test('bind/unbind identity anonymous', function (t) {
   })
 })
 
+tap.test('does not crash on empty DN values', function (t) {
+  const server = ldap.createServer({
+    connectionRouter: function (c) {
+      server.newConnection(c)
+      server.emit('testconnection', c)
+    }
+  })
+
+  server.listen(t.context.sock, function () {
+    const client = ldap.createClient({ socketPath: t.context.sock })
+    server.once('testconnection', () => {
+      client.bind('', 'pw', function (err) {
+        t.ok(err, 'blank bind dn throws error')
+        client.unbind(function () {
+          server.close(() => t.end())
+        })
+      })
+    })
+  })
+})
+
 tap.test('bind/unbind identity user', function (t) {
   const server = ldap.createServer({
     connectionRouter: function (c) {