From 2e087f12f40c01958144f8cba5f17ef69d5bbde5 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Sun, 15 Oct 2017 02:05:15 +0200 Subject: [PATCH] Fix out of bound access in LDAP results array --- server/src/lib/ldap/Client.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/server/src/lib/ldap/Client.ts b/server/src/lib/ldap/Client.ts index 823d4097..c391bbde 100644 --- a/server/src/lib/ldap/Client.ts +++ b/server/src/lib/ldap/Client.ts @@ -10,6 +10,7 @@ import { ILdapClient } from "./ILdapClient"; import { ILdapClientFactory } from "./ILdapClientFactory"; import { LdapConfiguration } from "../configuration/Configuration"; import { Winston } from "../../../types/Dependencies"; +import Util = require("util"); export class Client implements IClient { @@ -75,8 +76,12 @@ export class Client implements IClient { that.logger.debug("LDAP: searching for user dn of %s", username); return that.ldapClient.searchAsync(this.options.users_dn, query) .then(function (users: { dn: string }[]) { - that.logger.debug("LDAP: retrieved user dn is %s", users[0].dn); - return BluebirdPromise.resolve(users[0].dn); + if (users.length > 0) { + that.logger.debug("LDAP: retrieved user dn is %s", users[0].dn); + return BluebirdPromise.resolve(users[0].dn); + } + return BluebirdPromise.reject(new Error( + Util.format("No user DN found for user '%s'", username))); }); }