From 766c30737f449bba524168d8f634f27cf200de15 Mon Sep 17 00:00:00 2001
From: Daniel Markstedt <daniel@mindani.net>
Date: Mon, 4 May 2026 21:39:45 +0200
Subject: [PATCH] CVE-2026-44052: libatalk: avoid logging LDAP bind passwords

Reported-by: @00redbeer
Signed-off-by: Daniel Markstedt <daniel@mindani.net>
---
 libatalk/acl/ldap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libatalk/acl/ldap.c b/libatalk/acl/ldap.c
index 9e34f281a..6aba52d7b 100644
--- a/libatalk/acl/ldap.c
+++ b/libatalk/acl/ldap.c
@@ -182,8 +182,8 @@ static int ldap_getattr_fromfilter_withbase_scope(const char *searchbase,
             if (ldap_bind_s(ld, ldap_auth_dn, ldap_auth_pw,
                             ldap_auth_method) != LDAP_SUCCESS) {
                 LOG(log_error, logtype_default,
-                    "ldap: ldap_bind failed: ldap_auth_dn: \'%s\', ldap_auth_pw: \'%s\', ldap_auth_method: \'%d\'",
-                    ldap_auth_dn, ldap_auth_pw, ldap_auth_method);
+                    "ldap: ldap_bind failed: ldap_auth_dn: \'%s\', ldap_auth_method: \'%d\'",
+                    ldap_auth_dn, ldap_auth_method);
                 free(ld);
                 ld = NULL;
                 return -1;