empty password is a valid password, don't crash

7 years ago · af2dd582e6
3 changed files with 8 additions and 1 deletions
--- a/mysql-test/r/set_password.result
+++ b/mysql-test/r/set_password.result
@ -174,4 +174,8 @@ connection default;
 select user,host,password,plugin,authentication_string from mysql.user where user='foo';
 user	host	password	plugin	authentication_string
 foo	localhost		mysql_native_password	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
+set password for 'foo'@'localhost' = '';
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';
+user	host	password	plugin	authentication_string
+foo	localhost		mysql_native_password	
 drop user foo@localhost;
--- a/mysql-test/t/set_password.test
+++ b/mysql-test/t/set_password.test
@ -142,4 +142,6 @@ show grants;
 --disconnect foo
 --connection default
 select user,host,password,plugin,authentication_string from mysql.user where user='foo';
+set password for 'foo'@'localhost' = '';
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';
 drop user foo@localhost;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -3864,7 +3864,8 @@ void set_authentication_plugin_from_password(const User_table& user_table,
                                             const char* password,
                                             uint password_length)
 {
-  if (password_length == SCRAMBLED_PASSWORD_CHAR_LENGTH)
+  if (password_length == SCRAMBLED_PASSWORD_CHAR_LENGTH ||
+      password_length == 0)
  {
    user_table.plugin()->store(native_password_plugin_name.str,
                               native_password_plugin_name.length,