apply in SET PASSWORD same checks as in GRANT, to let only valid hashes through

mysql-test/r/connect.result

@@ -40,6 +40,8 @@ show tables;
 Tables_in_test
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
+set password='gambling3';
+ERROR HY000: Password hash should be a 41-digit hexadecimal number
 set password=old_password('gambling3');
 show tables;
 Tables_in_mysql

mysql-test/t/connect.test

@@ -48,6 +48,8 @@ flush privileges;
 #connect (con1,localhost,test,gambling2,"");
 #show tables;
 connect (con1,localhost,test,gambling2,mysql);
+--error 1105
+set password='gambling3';
 set password=old_password('gambling3');
 show tables;
 connect (con1,localhost,test,gambling3,test);

sql/set_var.cc

@@ -2851,8 +2851,9 @@ int set_var_password::check(THD *thd)
   if (!user->host.str)
     user->host.str= (char*) thd->host_or_ip;
   /* Returns 1 as the function sends error to client */
-  return check_change_password(thd, user->host.str, user->user.str) ? 1 : 0;
-#else 
+  return check_change_password(thd, user->host.str, user->user.str, password) ?
+         1 : 0;
+#else
   return 0;
 #endif
 }
@@ -2861,8 +2862,8 @@ int set_var_password::update(THD *thd)
 {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   /* Returns 1 as the function sends error to client */
-  return (change_password(thd, user->host.str, user->user.str, password) ?
-	  1 : 0);
+  return change_password(thd, user->host.str, user->user.str, password) ?
+	  1 : 0;
 #else
   return 0;
 #endif

sql/sql_acl.cc

@@ -1127,13 +1127,14 @@ bool acl_check_host(const char *host, const char *ip)
       1		ERROR  ; In this case the error is sent to the client.
 */
 
-bool check_change_password(THD *thd, const char *host, const char *user)
+bool check_change_password(THD *thd, const char *host, const char *user,
+                           char *new_password)
 {
   if (!initialized)
   {
     net_printf(thd,ER_OPTION_PREVENTS_STATEMENT,
-             "--skip-grant-tables"); /* purecov: inspected */
-    return(1);                             /* purecov: inspected */
+             "--skip-grant-tables");
+    return(1);
   }
   if (!thd->slave_thread &&
       (strcmp(thd->user,user) ||
@@ -1147,6 +1148,15 @@ bool check_change_password(THD *thd, const char *host, const char *user)
     send_error(thd, ER_PASSWORD_ANONYMOUS_USER);
     return(1);
   }
+  uint len=strlen(new_password);
+  if (len != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
+      len != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+  {
+    net_printf(thd, 0,
+               "Password hash should be a %d-digit hexadecimal number",
+               SCRAMBLED_PASSWORD_CHAR_LENGTH);
+    return -1;
+  }
   return(0);
 }
 
@@ -1174,7 +1184,7 @@ bool change_password(THD *thd, const char *host, const char *user,
 		      host,user,new_password));
   DBUG_ASSERT(host != 0);			// Ensured by parent
 
-  if (check_change_password(thd, host, user))
+  if (check_change_password(thd, host, user, new_password))
     DBUG_RETURN(1);
 
   VOID(pthread_mutex_lock(&acl_cache->lock));
@@ -1433,7 +1443,7 @@ static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo,
     if (combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
         combo.password.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
     {
-      my_printf_error(ER_PASSWORD_NO_MATCH,
+      my_printf_error(ER_UNKNOWN_ERROR,
                       "Password hash should be a %d-digit hexadecimal number",
                       MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
       DBUG_RETURN(-1);

sql/sql_acl.h

@@ -142,7 +142,8 @@ ulong acl_get(const char *host, const char *ip,
 int acl_getroot(THD *thd, USER_RESOURCES *mqh, const char *passwd,
                 uint passwd_len);
 bool acl_check_host(const char *host, const char *ip);
-bool check_change_password(THD *thd, const char *host, const char *user);
+bool check_change_password(THD *thd, const char *host, const char *user,
+                           char *password);
 bool change_password(THD *thd, const char *host, const char *user,
 		     char *password);
 int mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,