MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin

Do not allow NULL password to pass directly to password validation plugin.

MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
Do not allow NULL password to pass directly to password validation plugin.
1512078a · Nirbhay Choubey · edbd0ced · 1512078a · 1512078a · 1512078a
Commit 1512078a authored Apr 29, 2016 by Nirbhay Choubey
5 changed files
--- a/mysql-test/suite/plugins/r/cracklib_password_check.result
+++ b/mysql-test/suite/plugins/r/cracklib_password_check.result
@@ -39,6 +39,12 @@ Warning	1819	cracklib: it is based on a dictionary word
 Error	1819	Your password does not satisfy the current policy requirements
 grant select on *.* to foobar identified by 'q$%^&*rty';
 drop user foobar;
+#
+# MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash
+# when using cracklib plugin
+#
+create user 'newuser'@'localhost';
+ERROR HY000: Your password does not satisfy the current policy requirements
 uninstall plugin cracklib_password_check;
 create user foo1 identified by 'pwd';
 drop user foo1;
--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -72,6 +72,8 @@ READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
 create user foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements
+create user foo1;
+ERROR HY000: Your password does not satisfy the current policy requirements
 grant select on *.* to foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements
 grant select on *.* to `FooBar1!` identified by 'FooBar1!';

--- a/mysql-test/suite/plugins/t/cracklib_password_check.test
+++ b/mysql-test/suite/plugins/t/cracklib_password_check.test
@@ -30,6 +30,14 @@ show warnings;
 grant select on *.* to foobar identified by 'q$%^&*rty';
 drop user foobar;

+--echo #
+--echo # MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash
+--echo # when using cracklib plugin
+--echo #
+
+--error ER_NOT_VALID_PASSWORD
+create user 'newuser'@'localhost';
+
 uninstall plugin cracklib_password_check;

 create user foo1 identified by 'pwd';

--- a/mysql-test/suite/plugins/t/simple_password_check.test
+++ b/mysql-test/suite/plugins/t/simple_password_check.test
@@ -16,6 +16,10 @@ select * from information_schema.system_variables where variable_name like 'simp
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by 'pwd';

+# Create user with no password.
+--error ER_NOT_VALID_PASSWORD
+create user foo1;
+
 --error ER_NOT_VALID_PASSWORD
 grant select on *.* to foo1 identified by 'pwd';


--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -899,7 +899,9 @@ static bool validate_password(LEX_USER *user)
 {
  if (user->pwtext.length || !user->pwhash.length)
  {
-    struct validation_data data= { &user->user, &user->pwtext };
+    struct validation_data data= { &user->user,
+                                   user->pwtext.str ? &user->pwtext :
+                                   const_cast<LEX_STRING *>(&empty_lex_str) };
    if (plugin_foreach(NULL, do_validate,
                       MariaDB_PASSWORD_VALIDATION_PLUGIN, &data))
    {