From febe91256f2917a31857c4ce2f7e30725b3d580d Mon Sep 17 00:00:00 2001
From: Donald Huang <don.hcd@gmail.com>
Date: Tue, 27 Jan 2015 18:30:47 -0800
Subject: [PATCH] avoid crashes comparing groups

---
 ngx_http_auth_ldap_module.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index d9b7239..92c37db 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -1956,8 +1956,13 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: Comparing user group with \"%V\"", &val);
 
-    rc = ldap_compare_ext(ctx->c->ld, (const char *) val.data, (const char *) ctx->server->group_attribute.data,
-            &bvalue, NULL, NULL, &ctx->c->msgid);
+    if (ctx->server->group_attribute.data == NULL) {
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: group_attribute.data is \"%V\" so calling a failure here", &ctx->server->group_attribute.data);
+        rc = !LDAP_SUCCESS;
+    } else {
+        rc = ldap_compare_ext(ctx->c->ld, (const char *) val.data, (const char *) ctx->server->group_attribute.data,
+                &bvalue, NULL, NULL, &ctx->c->msgid);
+    }
     if (rc != LDAP_SUCCESS) {
         ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_compare_ext() failed (%d: %s)",
             rc, ldap_err2string(rc));